Internet researchers discover new hacking service site
A client can ask in advance for a certain number of infections, say 1,000 infections for a $200 fee. Customers can also pay for loads based on country, IP addresses or other attributes. Once the job is done, the client receives a report-essentially an itemized bill-of the IP addresses where loads were successful. Then the perpetrators can pursue their goals: For example, they could potentially distribute spam, grab PC owners' online banking information, or steal log-in credentials.
This is slightly different than the service model used by the criminal hackers behind the Gozi trojan and 76service, as reported in a . With 76service, clients paid for access to a form-grabber that had already infected the machine. This made each infection more expensive, since access was mostly exclusive and the trojan was already installed and operating on behalf of the buyer. With loads.cc, the client is paying to infect the machine in the first place, with whatever malware the buyer chooses. (The Gozi trojan resurfaced this week being distributed via .)
The business model behind loads.cc creates several concerns. The botnet is available to anyone, and loads cost only 20 cents each. This could lead to a set of "super-infected" PCs that have several-possibly dozens-of bots loaded onto them. That, in turn, could lead to a proliferation of malware-so much that it could make infected PCs virtual battlegrounds for control over that machine.
The sources also worry about similar services creating a hyper-botnet in which the current botnet is used to load executable files that spread bots to other PCs, which in turn do the same, creating a viral effect.