A newly launched managed ‘HTTP-based botnet setup as a service’ aims to attract novice cybercriminals who’ve just purchased their first commercially available malware bot — or managed to obtain a cracked/leaked version of it — but still don’t have the necessary experience to operate, and most importantly, host the command and control server online.
Sample screenshot of the actual advertisement:
The managed service currently offers hosting services and manuals for 5 DIY botnet malware generating tools. The service doesn’t appear to be a franchise related to one of the hardcore bulletproof hosting providers used primarily by Russia and eastern European cybercriminals, and currently, only supports HTTP based C&C traffic.
Just how profitable would such a business model be? According to the vendor of the service, he’s currently managing bulletproof hosting services for 65 ‘beneath the radar’ type of botnets, that are most commonly generated using commercially available versions of cracked/leaked DIY botnet bulding tools, like the ones we’ve been profiling for quite some time now:
- A peek inside a (cracked) commercially available RAT (Remote Access Tool)
- DIY Java-based RAT (Remote Access Tool) spotted in the wild
- New DIY RDP-based botnet generating tool leaks in the wild
- New DIY IRC-based DDoS bot spotted in the wild
- New DIY HTTP-based botnet tool spotted in the wild
- Leaked DIY malware generating tool spotted in the wild
The re-emergence of the DIY (do it yourself) trend within the international marketplace, in a combination with the rise of Cybercrime-as-a-Service type of propositions, indicates that both of these concepts can actively contribute to the maturing state of the cybercrime ecosystem; instead of competing with one another as concepts that could have somehow lead to any form of market stagnation.
We expect to continue observing an increase in diversified monetization approaches applied by novice cybercriminals, aiming to empower fellow novice cybercriminals with the necessary know-how to operate and retain access to their generated botnets.