Inside the business model for botnets

Botnets are shadowy networks of computers controlled by hidden actors and linked to everything thatâs bad on the web. They have been implicated in distributed denial-of-service attacks, spamming campaigns, click fraud, and bank fraud, to name just a few of the nastiest flavors of cybercrime. Clearly somebody, somewhere is making a fortune masterminding this kind of criminal activity.

Today we get an answer of sorts thank to the work of C.G.J. Putman at the University of Twente in the Netherlands and a couple of colleagues. âIt comes as no surprise that the primary motive for the use of botnets is for economic gain,â they say as they map out the costs and revenue streams. All that leads to a rough estimate of the cost of setting up a botnet on a national or international scale.

For a botnet linked to 10 million devices, Putnam and co quote a cost in the region of $16 million. Of course, it could be significantly less for smaller networks. The team say that distributed denial-of-service attacks using a network of 30,000 bots can generate around $26,000 a month.

Spam advertising with 10,000 bots generates around $300,000 a month, and bank fraud with 30,000 bots can generate over $18 million per month. But the most profitable undertaking is click fraud, which generates well over $20 million a month of profit.

Source: technologyreview.com