Brian Krebs on Computer Security
Posted at 10:19 AM ET, 08/22/2008
Web Fraud 2.0: Distributing Your Malware

The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute your data-stealing malicious software is a time-consuming process that requires a modicum of skill. That is, until recently, when several online services have emerged that promise to help would-be cyber crooks graduate from common street dealers to distributors overnight. Such is the aim of services like "loads.cc," which for a small fee will take whatever malware you provide and inject it into a pre-selected number of PCs already compromised and under the thumb of the service owners.

Currently, loads.cc claims to have 264,552 hacked systems in more than a dozen countries that it can use as hosts for any malicious software that clients want to install. The latest details from the "statistics" page displayed for members says the service has gained some 1,679 new infectable nodes in the last two hours, and more than 33,000 over the past 24 hours.
Other up-and-coming malware distribution services are trying to gain a foothold in this nascent criminal Web 2.0 industry. Loadsforyou.biz offers slightly more competitive rates, promising to stitch your malware into 10,000 hacked PCs in the U.S. for just $120. And they claim to accept PayPal, which might appeal to newbie cyber thieves who are unfamiliar with the ways of Webmoney and other more Euro-centric virtual currencies.

If a know-nothing cyber crook can pay $120 and infect 10,000 already-hacked PCs in the United States, what does that say about the sheer number of systems under control of the bad guys? To me, it says that compromised machines or "bots" as they are more commonly known, have become a commodity, or - to cite Wikipedia's definition -
"undifferentiated goods characterized by a low profit margin."
I hope this is obvious, but it's probably best to avoid visiting the sites named in this post, as they exist solely to orchestrate the infection of computer systems.

Such is the aim of services like "loads.cc," which for a small fee will take whatever malware you provide and inject it into a pre-selected number of PCs already compromised and under the thumb of the service owners.
Such is the aim of services like "loads.cc," which for a small fee will take whatever malware you provide and inject it into a pre-selected number of PCs already compromised and under the thumb of the service owners.