ARS Technica published an article on how the Russian underground economy has democratized cybercrime.
Quoting a report from security firm Trend Micro, the site writes that buying a botnet costs around $700, and if you want to rent one you can do so for as little as $2 an hour. Spamming a million e-mail addresses goes for $10, and if you need a Trojan to spy on your girlfriend you can purchase one for $350.
Russian Underground 101 details the range of products on offer in this established market—Ferguson says that they can be for targeting anyone "from consumers to small businesses." He points to ZeuS, a hugely popular trojan that's been around for at least six years. It creates botnets that remotely store personal information gleaned from users' machines, and has been discovered within the networks of large organizations like Bank of America, NASA, and Amazon. In 2011, the source code for ZeuS was released into the wild—now, Ferguson says, "it's become a criminal open source project." Versions of ZeuS sell for between $200 and $500.
Here's some of what you can buy on the Russian underground:
Basic crypter (for inserting rogue code into a benign file): $10-30
SOCKS bot (to get around firewalls): $100
Hiring a DDoS attack: $30-70 for a day, $1,200 for a month
Email spam: $10 per one million e-mails
Expensive email spam (using a customer database): $50-500 per one million e-mails
SMS spam: $3-150 per 100-100,000 messages
Bots for a botnet: $200 for 2,000 bots
DDoS botnet: $700
ZeuS source code: $200-$500
Windows rootkit (for installing malicious drivers): $292
Hacking a Facebook or Twitter account: $130
Hacking a Gmail account: $162
Hacking a corporate mailbox: $500)
Scans of legitimate passports: $5 each
Winlocker ransomware: $10-20
Unintelligent exploit bundle: $25
Intelligent exploit bundle: $10-3,000
Traffic: $7-15 per 1,000 visitors for the most valuable traffic (from the US and EU)