Cyber crime black market prices

Hans's picture
Sat, 2007-10-27 10:05 by Hans

Read the complete article (German language only)

The German company G DATA dove into the cybercrime scene and uncovered a few interesting tidbits.

Spam and denial-of-service attacks

They found that the going prices for sending 20 million spam mails from remote-controlled "zombie" computers start at $500 and that you can buy a distributed denial-of-service attack lasting one day for a few hundred $$ as well. These attacks are usually directed against competitors. Often they do the first 10 minutes of a DDoS attack for free, so the customer can judge its effectiveness.

These services are usually priced by the hour or by the day, with typical prices being $20 per hour and $140 per day.

A do-it-yourself starter pack to send 5 million spam mails costs $200.

Even with just 20 hours of work time per month, a "mini-job spammer" can take in 20 orders, send 400 million spam mails and earn $10,000 or more.

Another part of the job is trade in email addresses, with 10 million addresses often going for as little as $140.


More expensive are online game accounts, credit card data, and PayPal accounts. The top seller among the online game accounts is World of Warcraft (WoW) with a current black market price of $8 per account. Compared to that, the data of one credit card is cheap at $4.

Exploits and Trojans

The highest prices are achieved with exploits at up to $50,000 and taylor-made Trojans, also often going for tens of thousands of $$. The cheap buyer can go to WabiSabiLabi and trade, eBay-like, topical Windows and Linux security holes for $700 and up.

Losers in the cybercrime business are the many thousands of money carriers. They are solicited by spam mails promising dream incomes of $7,000 per month with minimal work time, they often don't even know they are actually money launderers for organized crime, and the police may be at their door long before the promised money.

Read the complete article (German language only)