To think of botnets as being the domain of a single criminal operator is to seriously underestimate the sophistication of modern cybercriminal operations. “Botnets” are a growing industry with multiple layers of service providers and entrepreneurs hawking their specialized tools and knowledge. Yesterday I covered the botnet service providers that specialize in malware and drive-by-download quality assurance (QA) practices. Today I’ll discuss helpdesk support.
Browsing the web and hacking forums will reveal literally hundreds of online botnet malware providers. It’s a competitive business. Not only must these providers compete on a per-feature basis within their malware DIY construction kits, but they must also provide differentiated support for their customers.
By way of example, lets look at FurioGaming…
This particular site provides a broad range of hacking products, forums and services – most notably a bunch of Remote Access Trojans (RATs), Botnet agents and distribution services, and hacking tools.
Looking at the distribution service, FurioGaming offers a commercial “Bot RAT Trojan Spreading Service”…
Having a hard time spreading your bot? Let us do all the work!
We have a lot of experience when it comes to bot spreading and we know like no other how much time it can costs before your finally able to host boot, so now we offer Turbo bot Spreading for those who want bots FAST and cheap! In less then 24 hours you’re all set to start host booting.We spread all type of bots although we prefer the BBO bot because it connects on all operation systems and the BBO bot gets you the best possible spreading results, plus if you want us to spread your BBO bot we will do the crypting for free!
We can spread your bot for as long as you want and we will provide you the download link so you can keep track of the downloads your bot is getting.
As you’d expect, there’s a tiered service offering ranging from $24.99 per 24hrs distribution (~200 bot infections), through to $79.99 for 120hrs distribution (~1000 bot infections).
The thing that makes this service offering so interesting to me (and therefore you the reader) is the ability to open a helpdesk “support ticket. Just like legitimate commercial Internet service providers, 24×7 customer support is expected. In this case, FurioGaming offers a dedicated support ticketing system…
FurioGaming aren’t the only botnet service providers to operate this way and to have a comprehensive helpdesk ticketing system, but they are one of the most polished and brazen that I’ve come across.
So, never forget that the botnet business really is a business – with multiple operators providing specialized services at every level. There’s a lot of money to he had by these criminal entrepreneurs.
– Gunter Ollmann, VP Research
[...] now even malware can have QA and botnet is an industry they even run help desk. Added to this (probably) unethical practices like this and sophisticated [...]
[...] Gunter Ollmann blog here. [...]
[...] about the underground service industry that has sprung up to support botnet and malware groups in his blog. He found botnet support and malware quality assurance sites with 24×7 support and ticketing [...]
[...] eye towards reuse / resale (or even for rent), including modern business practices such as QA and helpdesk support. It’s very possible this is just a beta test with a relatively benign, proof-of-concept payload, [...]