How hard is it to make money running a botnet ?

Add to my custom PDF

Business Model of a Botnet

Criminal botnets and malicious software (malware) have become a serious threat to online security. However, little is known about exactly how much and how revenue from this software flows through illicit online industry.

Putman, Abhishta and Niewenhuis examined four case studies to analyze the economic structure that supports botnets. Botnets often are used to provide illegitimate online services. They looked at botnets that offered spamming, bank-credential theft, DDoS attack and click-fraud services. The development of a botnet can be divided into three stages, malware acquisition, malware spreading and botnet maintenance.

To acquire malware, botmasters choose between developing new malware or purchasing ready-to-use botnet packages. New malware can be adopted at a level suiting the technical proficiency of the botnet operator. They can choose to purchase all or part of the malware, or purchase training materials. Each of these options require different levels of investment.

The second stage in creating a botnet consists of spreading the malware to as many devices as possible. There are a number of methods for doing this, all of which attract a cost. An understanding of the costs can be understood from pay-per-installation service providers. They charge between 2 and 10 cents per infected device.

The final stage of maintaining a botnet requires ongoing administration as changes such as software patching and security updates can remove devices from the botnet. Malware must be updated frequently and devices must be reacquired, resulting in additional development and installation costs. The cost of reinfection or replacement of lost botnet devices could again be estimated at between 2 and 10 cents. There are also ongoing costs such as the fees for hosting services need for the botnet management infrastructure. The relative cost of these services is dependent on the services provided. While these costs are significant for DDoS providers, consuming approximately 25% of monthly revenue, they are relatively small for other types of service. Payments for services are often handled by third-party service providers. Of all of the service providers that support botnet operators, money handlers appeared to be the most profitable.

Readily available malware packages and malware infection service make it possible to set up a profitable botnet business within days. The capital costs for acquiring and spreading malware as well as the ongoing costs such as hosting and transaction fees are relatively small, amounting to a maximum of 1.1% of monthly revenue in three of the four cases studied. Profitability between various botnet related crime services varies drastically. DDoS-for-hire (Booter Services) are the least profitable, but appear to be less risky as they last the longest.

Setting up botnet can be quick and cheap but the profitability and management costs can vary depending on the type of illegal services offered.