I’ve written often about the need to keep your PC patched and your virus scanner up to date so that your PC doesn’t become infected with a Trojan or virus that turns it into a zombie for use in sending spam email or launching DDoS attacks. I’ve mentioned how virus writers don’t want to destroy your data anymore because your PC is worth more to them in an operational state, so they can then charge spammers money to distribute junk email, but there’s never been a dollar amount indicating just how much the hackers are making off of their illicit use of your PC and internet connection. This article at USA Today finally gives us a hint.
One indication of the going rate for zombie PCs comes from a June 11 posting on SpecialHam.com, an electronic forum for spammers. The asking price for use of a network of 20,000 zombie PCs: $2,000 to $3,000. Such networks typically are used to broadcast spam and phishing scams and to spread e-mail viruses designed mainly to create yet more zombies.
Zombie networks can be sophisticated. Last fall, a small Internet service provider asked cybersleuth Don Bowman to find out which of its 70,000 subscribers were broadcasting spam. Its network was generating so much spam, other ISPs threatened to blacklist it.
Bowman discovered that e-mail would blast from 20 PCs for a brief period. After a pause, another fire-hydrant-like surge gushed from a different group of 20 PCs. On average, each machine disgorged 630 pieces of e-mail an hour. “It wasn’t natural,” says Bowman, chief software architect for security firm Sandvine. “No one can type that fast.”
His conclusion: An intruder was deploying squads of zombies in rotating waves. Why? Probably so the unwitting zombie owner would tolerate performance slowdowns that came and went — and investigate no further.
No wonder there’s such a drive by the blackhats out there to commandeer your machine. A little time spent coding and you can be making a couple of grand per customer as a spam relay. Doesn’t get much easier than that. Gathering valid email addresses is profitable as well. The article mentions Jason Smathers, formerly of AOL, who is charged with stealing 92 million email addresses from his former employer and selling them to a spammer for $100,000.
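The rotating-wave pattern Bowman describes is something an ISP can look for in its own outbound mail counts. The sketch below is an added example, not code from the USA Today article or from Sandvine; the record format, the 10-minute window, the 100-messages-per-hour ceiling and the overlap cutoff are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict

WINDOW_SECONDS = 600           # assumed bucket size: 10 minutes
MAX_HUMAN_RATE_PER_HOUR = 100  # assumed ceiling for mail a person sends by hand

def bursty_cohorts(records, window=WINDOW_SECONDS, limit=MAX_HUMAN_RATE_PER_HOUR):
    """records: iterable of (epoch_seconds, subscriber_ip, messages_sent).
    Returns {window_start: set of IPs whose hourly-equivalent rate exceeds limit}."""
    counts = defaultdict(int)
    for ts, ip, n in records:
        counts[(ts - ts % window, ip)] += n
    cohorts = defaultdict(set)
    for (start, ip), n in counts.items():
        if n * 3600 / window > limit:
            cohorts[start].add(ip)
    return dict(cohorts)

def rotating_waves(cohorts, max_overlap=0.2):
    """Return (window_a, window_b, jaccard) for successive burst windows whose
    host sets barely overlap: squads being rotated, not one noisy customer."""
    starts = sorted(cohorts)
    waves = []
    for a, b in zip(starts, starts[1:]):
        prev, cur = cohorts[a], cohorts[b]
        jaccard = len(prev & cur) / len(prev | cur)
        if jaccard <= max_overlap:
            waves.append((a, b, jaccard))
    return waves

def sample_records():
    """Constructed data: two squads of 20 hosts, each sending 105 messages in
    one 10-minute window (630 per hour), plus one ordinary subscriber."""
    squad_a = [f"10.0.0.{i}" for i in range(1, 21)]
    squad_b = [f"10.0.1.{i}" for i in range(1, 21)]
    recs = [(0, ip, 105) for ip in squad_a]       # first surge
    recs += [(1200, ip, 105) for ip in squad_b]   # second surge, after a pause
    recs += [(0, "10.0.9.9", 3), (1200, "10.0.9.9", 2)]
    return recs

if __name__ == "__main__":
    cohorts = bursty_cohorts(sample_records())
    for start, hosts in sorted(cohorts.items()):
        print(f"window {start}: {len(hosts)} hosts over the rate limit")
    for a, b, j in rotating_waves(cohorts):
        print(f"rotation between windows {a} and {b} (overlap {j:.2f})")
```

Fed real per-subscriber SMTP counts, the first function gives the list of machines to clean up and the second distinguishes coordinated rotation from a single misconfigured mail server.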