You can buy an Infected PC for 10 cents

It doesn't take much to get started in Internet crime these days. Find the right site, hand over $50, and you can start wreaking havoc with 1,000 already-infected PCs.

Finjan, a San Jose, CA security company, looked into the Golden Cash site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn't cost much.

According to the price list in Finjan’s report, a batch of 1,000 infected PCs in Australia costs $100 - a whopping 10 cents each. A batch in the US runs $50, and bargain-basement bad guys can build a far-east malware network for as little as $5 per 1,000. Crooks can then install other malware, send spam, embed rogue antivirus, or use the victim PCs in any number of profit-making scams.

Sites like Golden Cash are part of a thriving Internet black market that provide every service a bad guy could ever want. An infected Web site or e-mail with a malware attachment is only the tip of the iceberg, an end result of a widespread underground business. Other services might provide stolen credit card numbers, custom-built malware guaranteed to evade antivirus, or access to anonymous network.

All this is a scary stuff, but lucky for us, it's not that hard to keep a PC from becoming a criminal commodity. Most attacks use poisoned Web sites to go after old, unpatched security holes, or use a social engineering con-job to trick you into opening a poisoned e-mail attachment. Following good and basic security practices like keeping all your software up-to-date won't guarantee your safety, but will go a long way towards keeping Golden Cash and all the other scammers at bay.

• Tweet
• Share
• Share
• Share
• Share