If you’ve ever wondered what the shadowy operators of hijacked computers do with their legions of computers, then take a look at the screen shot above. This is the user interface for a proxy rental service, where nefarious types can rent the use of computers infected with malicious software.
Brian Krebs writes on his blog about his experience using this un-named invite-only proxy-rental service:
When I tested this service, it had more than 4,100 bot proxies available in 75 countries, although the bulk of the hacked PCs being sold or rented were in the United States and the United Kingdom. Also, the number of available proxies fluctuates daily, peaking during normal business hours in the United States. Drilling down into the U.S. map […] users can select proxies by state, or use the “advanced search” box, which allows customers to select bots based on city, IP range, Internet provider, and connection speed.
And how much can one expect to pay for the use of a hijacked computer? Well, there’s up-front fee of $150, and after that it’s $1 a day to rent use of a computer, slightly more to buy exclusive use.
Using services like this, criminals can mask their true locations. As Krebs points out, this is particularly effective when performing scams where the geographic location of the computer is queried. A criminal in Russia can rent time on an infected computer in Chicago, and then transfer funds away from a U.S. bank account, making it look more legitimate.
Though botnets are scary in and of themselves, the easy-to-use nature of this service (there’s even a help forum!) is particularly chilling. Have you checked your anti-virus software today?
(Krebs on Security via Boing Boing)
Published: Apr 8, 2011 11:26 am