The cost of a botnet depends largely on the physical location of the malware-infected computers in it. A botnet containing only American or European machines is therefore worth more than one with machines from less prosperous nations.
Security researcher Dancho Danchev recently profiled an underground botnet service and found that the market for botnets built from American machines is more lucrative than the market for botnets consisting of an international hodgepodge of IP addresses. Specifically, American machines command the highest price, followed by machines in Germany, Canada, and Great Britain, which are worth slightly more than zombie computers located within the larger European Union. The least expensive botnets are those that are made up of indiscriminately located machines.
American machines are more valuable, Danchev claims, quite simply because American consumers have more “online purchasing power” than their international counterparts.
If you are in the market for a botnet, this particular seller offers bottom-end packages of “world mix” IP addresses at a rate of $25 for 1,000 hosts, $110 for 5,000 hosts, and $200 for 10,000 hosts. In the next tier, confirmed EU-located machines sell at $50, $225, and $400 for 1,000, 5,000, and 10,000 hosts respectively. Above that are botnets with machines from Canada, Great Britain, and Germany costing $80 per 1,000, $350 per 5,000, and $600 per 10,000 machines. The going rate among top-of-the-line American machines is 1,000 zombies for $120, 5,000 zombies for $550, and 10,000 zombies for a cool $1,000.
This e-shop is, according to Danchev, another example of cybercriminals adopting legitimate business practices, in this case market segmentation, in order to increase their profits. The shop is also practicing a bit of vertical integration by offering SOCKS5 servers, which are actually just more malware-infected machines, as anonymous proxies to customers seeking discretion.