Russian Underground 101 details the range of products on offer in this established market—Ferguson says that they can be for targeting anyone "from consumers to small businesses." He points to ZeuS, a hugely popular trojan that's been around for at least six years. It creates botnets that remotely store personal information gleaned from users' machines, and has been discovered within the networks of large organizations like Bank of America, NASA, and Amazon. In 2011, the source code for ZeuS was released into the wild—now, Ferguson says, "it's become a criminal open source project." Versions of ZeuS sell for between $200 and $500.
Here's some of what you can buy on the Russian underground:
Basic crypter (for inserting rogue code into a benign file): $10-30 SOCKS bot (to get around firewalls): $100 Hiring a DDoS attack: $30-70 for a day, $1,200 for a month Email spam: $10 per one million e-mails Expensive email spam (using a customer database): $50-500 per one million e-mails SMS spam: $3-150 per 100-100,000 messages Bots for a botnet: $200 for 2,000 bots DDoS botnet: $700 ZeuS source code: $200-$500 Windows rootkit (for installing malicious drivers): $292 Hacking a Facebook or Twitter account: $130 Hacking a Gmail account: $162 Hacking a corporate mailbox: $500) Scans of legitimate passports: $5 each Winlocker ransomware: $10-20 Unintelligent exploit bundle: $25 Intelligent exploit bundle: $10-3,000 Traffic: $7-15 per 1,000 visitors for the most valuable traffic (from the US and EU)
Cybercrime services sold for democratic prices in Russia
Posted on Monday, Nov 05 2012 @ 11:39 CET by Thomas De Maesschalck
ARS Technica published an article on how the Russian underground economy has democratized cybercrime. Quoting a report from security firm Trend Micro, the site writes that buying a botnet costs around $700, and if you want to rent one you can do so for as little as $2 an hour. Spamming a million e-mail addresses goes for $10, and if you need a Trojan to spy on your girlfriend you can purchase one for $350.