Saturday, 3 November 2007

Hacking as a Business Model

Now we can find sites that are specialized in giving dark side security services , in other words you pay them to infect people with virus and malware.
The website that gives this service charges per PC infection (which they call it load) - please note that the website domain is "".
Still Linux Desktop PCs are safe from such an attack
I'm not sure if visiting the webiste is safe or not.
complete report is below

Security researchers studying the latest Internet crime trends have discovered a new Eastern European website that uses a large botnet to infect vulnerable PCs. The operators of the botnet and website charge clients for each successful PC infection.
The site is likely based out of Russia, according to the security researcher’s sources who asked to remain anonymous because of their underground intelligence work. While the front-end website, called, doesn't appear to contain or deliver malware, readers are strongly urged to avoid visiting the site in case malware is present and because the site likely logs the IP addresses of its visitors. (The “.cc” Internet domain is assigned to the Australian territories of the Cocos and Keeling Islands.

The sources discovered the site while performing forensics on some servers known to host malware. They say that, when last checked, was still in operation.

A view of the homepage, provided by researchers.

This service is another example of a service-based hacking product, similar to others recently reported here, that opens up Internet crime to less technically proficient criminals. Rather than compete with some of the other services, it actually complements them.

Whoever is running controls a botnet that may include up to several million PCs in its network, according to the sources. The operator of the site provides real-time information on the size and availability of the botnet. The site operator charges clients for using the botnet to infect computers with whatever malware the customer chooses. The going rate at the time of its discovery was about 20 cents per "load," or per successful injection into a vulnerable PC.

A client can ask in advance for a certain number of infections, say 1,000 infections for a $200 fee. Customers can also pay for loads based on country, IP addresses or other attributes. Once the job is done, the client receives a report—essentially an itemized bill—of the IP addresses where loads were successful. Then the perpetrators can pursue their goals: For example, they could potentially distribute spam, grab PC owners’ online banking information, or steal log-in credentials.

Ref URL h3r3

No comments:

FEEDJIT Live Traffic Feed