Are Botnets Beating Us in the War on Spam? - Going for the Money

(Page 4 of 5 )

The Russian botnet is just one of many, though it is admittedly one of the largest. When you’re dealing with numbers this large, it doesn’t take a high percentage of answered spams to get a respectable payoff. Indeed, there are some ways of generating money with a botnet that don’t involve sending spam at all.

An article in eWeek dated to early September 2006 detailed how one botnet builder set himself up to earn money from multiple sources. The German Honeynet Project, which was tracking the MS06-04 worm at the time, spotted a botnet that infected more than 7,700 machines with the worm – and some bonus software. As it turned out, it was also installing ad-serving software from DollarRevenue. This company offers a per-installation commission that ranges from a penny to thirty cents depending on where the computer is located.

Project founder Thorsten Holz noted that the “bot herder,” as hackers controlling botnets are called, is conducting a lucrative business. “He’s earning more than $430 in a single day with DollarRevenue, and that’s not the only piece of adware he’s installing. He’s installing others and also renting out his botnet to spammers.”

With botnets turning into a real business, bot herders are getting smarter in how they’re running their networks, both to avoid detection and to maximize income. Holz noted that bot herders “keep the size of the botnets low on purpose to avoid too much noise.” Even so, bot numbers are growing; the SANS Internet Storm Center said that it saw the number of attacking client machines grow from 770,000 on October 15 to 1,845,000 just six days later – an increase of more than 100 percent.

Another way they’re avoiding detection is by sending out less email. According to Simon Heron, a director at security company Network Box, “In the old days, a compromised machine would start cranking out thousands of emails per hour,” thus slowing down the system so that it “became very easy to realize that you’d been violated.” Botnets now send out smaller bunches of email from each machine, so it takes much longer for a user to realize they’re infected.

Bot herders maximize income by using their botnets for multiple purposes (installing affiliate adware that awards a commission, renting it out to spammers, spamming through it themselves, etc.). They have also learned from legitimate businesses to target their spam to those who are most likely to be interested. I already mentioned in a previous section how one botnet seems to have targeted individuals interested in stocks for pump-and-dump stock spam. Some hackers have even targeted their spam to where the recipients work in an effort to increase the amount of money they make per spam message.

Next: No End in Sight? >>
 

More Web Hosting News Articles
More By Terri Wells

Comments On: Are Botnets Beating Us in the War on Spam?

· I hope you found this article interesting and informative; thanks for reading....    · A very informative article, thank you. Its always staggering the lengths that...    · Thanks for the kind words, and I definitely agree with you about the technical...   >>> Post your comment now!