All the latest UK technology news, reviews and analysis

Hackers renting 1,000s of UK malware-hosting machines for just $240

24 Sep 2013

Cyber criminals are renting UK-based malware hosts for as little as $240 per 1,000 machines, according to security firm Webroot.

Webroot researcher Dancho Danchev reported uncovering a cyber black market that rents access to location-specific compromised hosts in a public blog post.

"The service is currently offering access to malware-infected hosts based in Russia ($200 for 1,000 hosts), United Kingdom ($240 for 1,000 hosts), United States ($180 for 1,000 hosts), France ($200 for 1,000 hosts), Canada ($270 for 1,000 hosts) and an international mix ($35 for 1,000 hosts), with a daily supply limit of 20,000 hosts, indicating an ongoing legitimate/hijacked-traffic-to-malware-infected hosts conversion," read the post.

Webroot manager George Anderson, told V3 the news is troubling as the malware-hosting stations can be used for a variety of harmful purposes.

"Compromised hosts are basically owned. They can be used by the cyber criminal for any activity that will make them money: as a spam relay, as spear-phishing of the host's friends, as a Command and Control point, or a relay to steal the host user's identity, their banking and financial access credentials. The list is pretty much inexhaustible," he said.

"The reason why spam botnets are commonly used is because they can be easily hidden on the host and can equally easily use the host as a launch platform for further compromises or to build botnets. Botnets can then be used to launch distributed denial of service (DDoS) attacks, where seemingly legitimate traffic floods a website to make it inaccessible to others – which is a major business loss for any company operating online."

He added that the location-based offering also means criminals renting the hosts can improve their schemes' profitability.

"Criminals are pricing hosts by location because it's an indication of an ‘economic value' of the host. For instance a US citizen will generally be better off than a Russian citizen, therefore targeting that host or using that host to mine others in that region (for example grabbing the email addresses of a US person's compromised host to then compromise their friend's PCs too) will most likely lead to a specific financial gain," he said.

Danchev said the location-based offering is likely designed to help differentiate the criminals' rental services from other similar black marketplaces.

"Today's modern cybercrime ecosystem offers everything a novice cyber criminal would need to quickly catch up with fellow or sophisticated cyber criminals. Segmented and geolocated lists of harvested emails, managed services performing the actual spamming service, as well as DIY undetectable malware-generating tools, all result in a steady influx of new (underground) market entrants, whose activities directly contribute to the overall growth of the cybercrime ecosystem," wrote Danchev.

Cyber black markets selling attack tools and services have been a growing problem for the security community. For years numerous vendors have reported seeing a growth in the number of illegal online marketplaces selling attack tools and web user account passwords. Webroot researchers also discovered thousands of Twitter and Skype user account details for sale on a Russian cyber black market in April.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Devices at work poll

Which device do you use most for work?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

SQL DBA SQL Server Clustering Finance Banking London

SQL DBA (Microsoft SQL Server 2008/2012 Clustering Finance...

Cisco Networks Telephony Engineer VOiP EIGRP Banking London

Cisco Networks Engineer (Cisco Unity Call Manager CUCM...

SQL DBA SQL Server Clustering Finance Banking London

SQL DBA (Microsoft SQL Server 2008/2012 Clustering Finance...

Business Analyst Banking Finance Business Transformation London

Business Analyst (Business Transformation Investment...
To send to more than one email address, simply separate each address with a comma.