DARK CLOUDS (FOR RENT)

from : http://spectregroup.wordpress.com/2010/04/15/dark-clouds-for-rent/

Available Now
http://networkworld.com/community/node/58829
“Who’s got the biggest cloud in the tech universe? Google? Amazon? Lots and lots of servers, but not even close. Their capacity pales to that of the biggest cloud on the planet, the network of computers controlled by the Conficker computer worm. Conficker controls 6.4 million computer systems in 230 countries at 230 top level domains globally, more than 18 million CPUs and 28 terabits per second of bandwidth. Like legitimate cloud vendors, Conficker is available for rent and is just about anywhere in the world a user would want their cloud to be based. Users can choose the amount of bandwidth they want, the kind of operating system they want to use and more. Customers have a variety of options for what services to put in the Conficker cloud, be it a denial-of-service attack, spam distribution or data exfiltration. Conficker is much more competitive than those legit vendors in many ways, Joffe continued. It has much more experience, dating back to 1998, has a larger footprint and unlimited new resources as it spreads malware far and wide to take over more computers. “And there are no costs. And there are no moral, ethical or legal constraints,” Joffe said, to chuckles from the audience. After all, the criminals stole their computing capacity from someone else.”

New Business Models
http://threatpost.com/en_us/blogs/future-botnets-031510
“This solution to the hacker’s problem provides a glimpse into a business model we might see in the not-too-distant future. It’s an evolutionary version of the botnet-for-hire or malware-as-a-service model that’s taken off in recent years. In Hansen’s model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company’s security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he’s interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in. Kind of an interesting/scary thought, but it could easily be used to avoid the cost and danger of individual exploitation against a company for a hacker interested in target attacks. Rather, a brokerage for commodities (bots that come from interesting IPs/domains) could be created and used to sell off the individual nodes. This model makes sense on a number of levels and may well have been implemented already.”

Zeus Found in Amazon Cloud
http://securityfocus.com/brief/1046
“The cybercriminals behind the Zeus botnet used Amazon’s Elastic Computing Cloud (EC2) to host the central server used to control a portion of the compromised machines. A number of security experts have predicted that cybercriminals will increasingly find uses for legitimate cloud services, such as Amazon EC2 and Google’s App Engine. This week, hacker Moxie Marlinspike kicked off a wireless password cracking service hosted in the cloud. The service, WPA Cracker, can compare the hash from a WiFi Protected Access network against 135 million possibilities in 40 minutes.”

Botnet Wars
http://computerworld.com/s/article/9154618/New_Russian_botnet_tries_to_kill_rival
“An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called “Kill Zeus,” apparently removes the Zeus software from the victim’s PC, giving Spy Eye exclusive access to usernames and passwords. Turf wars are nothing new to cybercriminals. Two years ago a malicious program called Storm Worm began attacking servers controlled by a rival known as Srizbi. And a few years before that, the authors of the Netsky worm programmed their software to remove rival programs Bagle and MyDoom. Spy Eye sells for about $500 on the black market, about one-fifth the price of premium versions of Zeus.”

Meanwhile : Africa Gets Broadband
http://intellibriefs.blogspot.com/2009/10/africa-home-of-worlds-largest-cyber.html
“Africa is home to about 100 million PCs, 80% of which are estimated to be infected with some kind of malware. This has occurred because the intense poverty throughout the continent has resulted in a pervasive distribution of pirated software and the inability to pay for Anti-Virus protection. Currently, most Internet access is via dial-up, but once broadband comes to Africa, all of those infected PCs will become an easy target for bot herders looking to build the next mega-botnet. What could a bad operator do with a botnet of that size? Pretty much anything he wants, including paralyzing an entire nation’s networked infrastructure. That’s all systems connected to the Internet, including power, water, communications, commerce, etc. Since Microsoft Windows is the OS that we are talking about, it falls on Microsoft to do something about this problem. One good first step would be what Microsoft’s Paul Cooke discusses – support pirated versions of Windows 7 with patches.”

About Jay Babcock

I am an independent writer and editor based in Tucson, Arizona. In 2023: I publish an email newsletter called LANDLINE = https://jaybabcock.substack.com Previously: I co-founded and edited Arthur Magazine (2002-2008, 2012-13) and curated the three Arthur music festival events (Arthurfest, ArthurBall, and Arthur Nights) (2005-6). Prior to that I was a district office staffer for Congressman Henry A. Waxman, a DJ at Silver Lake pirate radio station KBLT, a copy editor at Larry Flynt Publications, an editor at Mean magazine, and a freelance journalist contributing work to LAWeekly, Mojo, Los Angeles Times, Washington Post, Vibe, Rap Pages, Grand Royal and many other print and online outlets. An extended piece I wrote on Fela Kuti was selected for the Da Capo Best Music Writing 2000 anthology. In 2006, I was somehow listed in the Music section of Los Angeles Magazine's annual "Power" issue. In 2007-8, I produced a blog called "Nature Trumps," about the L.A. River. From 2010 to 2021, I lived in rural wilderness in Joshua Tree, Ca.
