Spyware authors offer dollars for downloads

Botnet operators offered cash to spread malware

Spyware authors are offering financial rewards to botnet operators and other cyber-criminals who covertly install their spyware, security experts warned today.

MessageLabs said that selling so-called 'installs' is a common practice in the cyber-underworld.

"The criminals have moved in a riskier direction to spyware which is illegal to download and designed to evade antivirus detection," MessageLabs stated.

"The income that can be earned grows based on higher numbers of installs, which implies that the spyware is to be used with botnets and varies based on the geographical location of installation."

MessageLabs has compiled the following "price list" for malware installations. For example, installing spyware on 1,000 machines in Australia earns $100 but only $50 in the US.

Price in US dollars per 1,000 unique loads:

US 50
UK 60
Netherlands 25
France 25
Italy 60
Poland 18
Denmark 25
Spain 25
Australia 100
Greece 25
Other 18
Asia 3

Code is typically first added to a web page which may be a phishing site, a hacked site, a site hosted on a web server or even a botnet-hosted web page.

Instructions are then issued to the offending botnet computers to visit the page, then download and execute the code. Once the spyware is installed, it registers with the 'seller' and the 'affiliate' is then paid.

MessageLabs explained that a simple line of code can be added to an HTML page that will in turn cause a drive-by install of spyware to the computers of any visitors to that site.

The security firm first reported on this phenomenon in May when a staggering $11,890 was reported to have been paid out in one week alone.

A notable example occurred in 2005 when Jeanson Ancheta was arrested for building a 400,000-strong botnet and installing adware for $60,000.