It doesn’t take much to get started in Internet crime these days. Find the right site, hand over $50, and you can start wreaking havoc with 1,000 already-infected PCs.
Finjan, a San Jose, CA security company, looked into the “Golden Cash” site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs (or pay others to do so) with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn’t cost much.
According to the price list in Finjan’s report, a batch of 1,000 infected PCs in Australia costs $100 – a whopping 10 cents each. A batch in the US runs $50, and bargain-basement bad guys can build a far-east malware network for as little as $5 per 1,000. Crooks can then install other malware, send spam, embed rogue antivirus, or use the victim PCs in any number of profit-making scams.
Sites like Golden Cash are part of a thriving Internet black market that provide every service a bad guy could ever want. An infected Web site or e-mail with a malware attachment is only the tip of the iceberg, an end result of a widespread underground business. Other services might provide stolen credit card numbers, custom-built malware guaranteed to evade antivirus, or anonymous network access.
Scary stuff, but lucky for us, it’s not that hard to keep a PC from becoming a criminal commodity. Most attacks use poisoned Web sites to go after old, unpatched security holes (the Golden Cash bot attack hunts for last year’s MS08-041 ActiveX hole), or use a social engineering con-job to trick you into opening a poisoned e-mail attachment. Following good, basic security practices like keeping all your software up-to-date won’t guarantee your safety, but will go a long way towards keeping Golden Cash and all the other scammers at bay.