Security researchers studying the latest Internet crime\n trends have discovered a new Eastern European website that uses\n a large botnet to infect vulnerable PCs. The operators of the\n botnet and website charge clients for each successful PC\n infection.\n MORE ON Malware Threats\n \n Gozi Trojan Resurfaces, Security Researcher Finds\n \n Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy\n \n Gozi and the Subscription Hacking Model\n The site is likely based out of Russia, according to the\n security researcher\u2019s sources who asked to remain\n anonymous because of their underground intelligence work. While\n the front-end website, called loads.cc, doesn't appear to\n contain or deliver malware, readers are strongly urged to avoid\n visiting the site in case malware is present and because the\n site likely logs the IP addresses of its visitors. (The\n \u201c.cc\u201d Internet domain is assigned to the Australian\n territories of the Cocos and Keeling Islands.)The sources discovered the site while performing forensics\n on some servers known to host malware. They say that, when last\n checked, loads.cc was still in operation.A view of the loads.cc homepage, provided by\n researchers.This service is another example of a service-based hacking\n product, similar to others recently reported here, that opens\n up Internet crime to less technically proficient criminals.\n Rather than compete with some of the other services, it\n actually complements them.Whoever is running loads.cc controls a botnet that may\n include up to several million PCs in its network, according to\n the sources. The operator of the site provides real-time\n information on the size and availability of the botnet. The\n site operator charges clients for using the botnet to infect\n computers with whatever malware the customer chooses. The going\n rate at the time of its discovery was about 20 cents per\n "load," or per successful injection into a vulnerable PC.A client can ask in advance for a certain number of\n infections, say 1,000 infections for a $200 fee. Customers can\n also pay for loads based on country, IP addresses or other\n attributes. Once the job is done, the client receives a\n report\u2014essentially an itemized bill\u2014of the IP\n addresses where loads were successful. Then the perpetrators\n can pursue their goals: For example, they could potentially\n distribute spam, grab PC owners\u2019 online banking\n information, or steal log-in credentials.This is slightly different than the service model used by\n the criminal hackers behind the Gozi trojan and 76service, as\n reported in a special report.\n With 76service, clients paid for access to a form-grabber that\n had already infected the machine. This made each infection more\n expensive, since access was mostly exclusive and the trojan was\n already installed and operating on behalf of the buyer. With\n loads.cc, the client is paying to infect the machine in the\n first place, with whatever malware the buyer chooses. (The Gozi trojan resurfaced this week being distributed via\n PDF spam.)The business model behind loads.cc creates several concerns.\n The botnet is available to anyone, and loads cost only 20 cents\n each. This could lead to a set of "super-infected" PCs that\n have several\u2014possibly dozens\u2014of bots loaded onto\n them. That, in turn, could lead to a proliferation of\n malware\u2014so much that it could make infected PCs virtual\n battlegrounds for control over that machine.The sources also worry about similar services creating a\n hyper-botnet in which the current botnet is used to load\n executable files that spread bots to other PCs, which in turn\n do the same, creating a viral effect.