Researchers of German security firm G Data have discovered that a bot builder dubbed "Aldi Bot" is currently being offered for that much on underground forums.
And, according to them, some of the bot's code looks like it was taken from Zeus'.
The seller, who is also the bot's developer, says that he's offering it for such a low price because he enjoys coding and is not interested in making huge amounts of money. The fact that he cannot guarantee that the bot will not to be detected by AV solutions must have also played a role in his decision.
On the other hand, the bot does offer many possibilities, including carrying out DDoS attacks; stealing passwords save by Firefox, jDownloader and IM client Pidgin, executing any file remotely; and allowing the buyer to use the infected computer as SOCKS proxy.
Another interesting thing is that the seller offers "installation assistance" to all buyers.
"Chat logs, posted by the malware author, reveal that he actually really provides personal assistance for the installation and implementation of the bots, even to malware rookies, so-called noobs, who do not have the slightest idea of how to work with the malicious tools," say the researchers. "He even uses TeamViewer to make his customers happy and ready to attack."
He does not offer assistance in spreading the malware - he leaves that the buyer.
But the most curious thing is the name of the bot. Aldi is the name of a German-based discount supermarket chain that operates all across Europe, the U.S. and Australia, and in the bot builder interface, one of its distinctive logos is used. Is it because the bot is offered so cheaply?