How much cash do you have on you right now? If it's $10, you could spend it on a few snacks, less than a quarter of a tank of gas or maybe an album on iTunes. Or you could enter the shady, soulless world of international cybercrime.
A botnet kit called "Aldi Bot" appeared about three weeks ago in underground forums, and has been selling for five euros (about $7). The kit allows its buyers to join ranks with an existing botnet, a linked network of compromised computers used to carry out large-scale online attacks.
Once a buyer enters the name of a command-and-control server — the name comes with the kit — Aldi Bot "can cause a massive glut of malware" by giving people the ability to steal passwords, remotely execute corrupted files and carry out denial-of-service attacks, say researchers at G Data Software.
(The cybercrime tool appears to take its name from the German discount supermarket chain ALDI, but is not linked to the company.)
Aldi Bot's code appears to be based on the Zeus Trojan source code, which was leaked through underground cybercrime markets in May.
G Data Software contacted Aldi Bot's creator, who said he provides personal assistance to cybercrime newbies, and even uses TeamViewer, a remote desktop sharing program, to walk wannabe criminals through the process of setting up the exploitation tool.
Offering a malware kit for such an inexpensive price "will draw virtually anyone to the dark side — either for fun or profit," G Data Software wrote. "Script Kiddies can buy this bot with their pocket money, including all updates and support."
G Data Software researchers say Aldi Bot is not for sale anymore, but they expect similar (and equally cheap) malware to pop up and take its place.