Security firm Trend Micro recently analyzed the Russian crimeware markets and found that malware tools and services range from one-time packages that cost just pennies to sophisticated packages and services that cost purchasers thousands of dollars per month.
If you want to buy a botnet it will cost you somewhere in the region of $700. If you just want to hire someone else's botnet for an hour, though, it can cost as little as $2. There are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits.
"As the Russian underground community continuously modifies targets and improves technologies, security companies and users must constantly face the challenge of effectively protecting their money and the information they store in their computers and other devices," the company said in its report.
ZeuS, one of the most popular and effective financial theft trojans and botnet builders, is frequently advertised. "I'll sell ZeuS 126.96.36.199 source code. Private sale of source code. Price: US$400–500; bargaining (swapping) is possible," reads one post. "Selling ZeuS 188.8.131.52 bin + set up on your hosting for US$200 escrow is accepted," reads another.
Email spam costs $10 per one million emails, and Windows rootkits are priced around $292. You can even hire someone to hack a Gmail account for $162 or a Facebook and Twitter account for $130. Botnet leasing is actually rare in the underground market because it's not as lucrative as other services. "Hackers normally operate their own botnets because selling them is less profitable," the report says. Distributed denial-of-service (DDoS) attacks cost just $10 per hour.
Current prices on the Russian underground market:
- Hacking corporate mailbox: $500
- Winlocker ransomware: $10-20
- Unintelligent exploit bundle: $25
- Intelligent exploit bundle: $10-$3,000
- Basic crypter (for inserting rogue code into a benign file): $10-$30
- SOCKS bot (to get around firewalls): $100
- Hiring a DDoS attack: $30-$70/day, $1,200/month
- Botnet: $200 for 2,000 bots
- DDoS botnet: $700
- ZeuS source code: $200-$500
- Windows rootkit (for installing malicious drivers): $292
- Hacking Facebook or Twitter account: $130
- Hacking Gmail account: $162
- Email spam: $10 per one million emails
- Email spam (using a customer database): $50-$500 per one million emails
- SMS spam: $3-$150 per 100-100,000 messages