Security researchers recently discovered a website that controls a very large botnet used to infect vulnerable systems. The website, loads.cc, is based in Eastern Europe, most probably Russia, and operates in an interesting way: the operators charge clients for infected PCs. In other words, anyone can use the botnet, whose size is estimated at a few million, to infect PCs with whatever malware they choose for a small fee.
The website itself does not appear to host or distribute malware, but researchers recommend not visiting it, because it likely logs the IP address of visitors.
Loads.cc allows less technically proficient cyber-criminals to "cash in". When the website was discovered, the price of one infection was 20 cents. The operators of the site provide information on the availability and size of the botnet in real time.
A client can arrange beforehand how many PCs he wants infected, let's say 1,000 for $200. The payment can also be based on other things, such as country, IP address and other attributes. Upon completion of the task, the client is given a report saying which IPs the loads were successfully delivered to. Then he can do whatever he pleases: distribute spam, steal information, etc.
This method differs from other similar schemes, such as those run by the creators of the Gozi trojan and 76service. The latter lets you use an already infected PC, which makes the whole process more expensive, whereas Loads.cc lets you pay to infect computers.
This could lead to some PCs becoming "superinfected", a term for a system infected with several bots at the same time. "Superinfected" systems would become a battleground to determine which bot has control over the PC.
Interesting notice, but at this time loads.cc has been pointed to Google servers 🙂