Security researchers studying the latest Internet crime trends have discovered a new Eastern European Web site that uses a large botnet to infect vulnerable PCs. The operators of the botnet and Web site charge clients for each successful PC infection.

The site is likely based out of Russia, according to the security researcher's sources who asked to remain anonymous because of their underground intelligence work. While the front-end Web site, called loads.cc, doesn't appear to contain or deliver malware, readers are strongly urged to avoid visiting the site in case malware is present and because the site likely logs the IP addresses of its visitors. (The ".cc" Internet domain is assigned to the Australian territories of the Cocos and Keeling Islands.)

---

Read the latest WhitePaper - Integrated IP Address Management (IPAM) Solution

---

The sources discovered the site while performing forensics on some servers known to host malware. They say that, when last checked, loads.cc was still in operation.

A view of the loads.cc homepage, provided by researchers.

This service is another example of a service-based hacking product, similar to others recently reported here, that opens up Internet crime to less technically proficient criminals. Rather than compete with some of the other services, it actually complements them.

Whoever is running loads.cc controls a botnet that may include up to several million PCs in its network, according to the sources. The operator of the site provides real-time information on the size and availability of the botnet. The site operator charges clients for using the botnet to infect computers with whatever malware the customer chooses. The going rate at the time of its discovery was about 20 cents per "load," or per successful injection into a vulnerable PC.

A client can ask in advance for a certain number of infections, say 1,000 infections for a $200 fee. Customers can also pay for loads based on country, IP addresses or other attributes. Once the job is done, the client receives a report-essentially an itemized bill-of the IP addresses where loads were successful. Then the perpetrators can pursue their goals: For example, they could potentially distribute spam, grab PC owners' online banking information, or steal log-in credentials.