How much does a bot cost these days? Like everything else in our economy, the price of a bot-infected PC fluctuates significantly, based on supply, demand, volume purchased and any number of other factors. But according to research done by the folks at Cisco, bots can be had for as little as 10 cents right now. It’s a buyer’s market.
In a story on Dark Reading, a Cisco researcher talks about a recent undercover foray into the hacker underground in which he discussed bot pricing with real botmasters.
He told a Cisco researcher posing as a fellow botmaster that the market rate for a bot is between 10 cents to 25 cents per machine, and that he recently made $800 off of a sale of 10,000 bots.
But that rate is likely a moving target, says Joe Dallatore, senior manager in Cisco’s security research and operations group. “At this point we have a snapshot [in time]” of the botnet market rate, Dallatore says. “There is an economy for these things, and it changes over time this is a form of commerce, with supply and demand.”
That doesn’t sound like a huge amount of money for that number of owned machines, a fact that may be the result of an oversupply of bots. There’s been no shortage of bot-producing large-scale attacks in the last couple of years, including Storm, Nugache and others. And while many of those machines likely have been cleaned, experts say that PCs that become bots often are re-infected by other malware.
The risk of detection and prosecution for botmasters also is quite low, so the $800 haul for a few thousand bots looks to be fairly easy money. But, as Microsoft researcher Cormac Herley said in a podcast on cybercrime economics in June, the pricing data coming out of the hacker underground is notoriously unreliable.