Business Model of Botnets

Botnets continue to be an active threat against institutions and individuals worldwide. Previous research regarding botnets has unveiled information on how the system and their stakeholders operate, but an insight on the economic structure behind these stakeholders is lacking. The objective of this research is to build the business model and determine the structure of the underground botnet economy. This means determining the botnet life-cycle, revenue streams and overall economic impact on institutions and stakeholders. Compared to other botnet related research, this paper focuses on the financial aspects, breaking down the components of the botnet life-cycle and estimating the money flow to the different actors involved. What can be concluded is that building a full scale cyber army from scratch can only be done by large institutions or governments, as it is too costly. In contrast, by outsourcing different tasks and making use of existing malware packages, costs are reduced to a minimum and reachable for the average person. Applying this method to earlier researched botnets, in every case the botnet resulted in being profitable for the botmaster. Initial setupand monthly costs were minimal compared to total revenue.