A cybercriminal is looking to buy a virus on the Dark Web. That’s going to be expensive, right? Wrong. Someone who has less than £5 in their bank account can easily purchase a piece of malicious software capable of doing irreparable damage to a single PC or the entire IT network of a company. Ganan, a researcher at the Cybersecurity Group at the University of Delft in the Netherlands, says:

“There are different types of sellers of malware. Normally, the more specialized ones are more expensive.


For a hacker wanting to buy a virus, the Dark Web provides a formidable catalogue of choices. For a few pounds, euros or dollars, a trojan known as Zeus Botnet is on offer. This malware, also known as Zbot Trojan, targets Microsoft Windows and enables cyber thieves to steal banking credentials and use the network of infected computers (known as a botnet) to commit malicious actions. More advanced forms of Zeus can cost €30 while the asking price for sophisticated forms of the virus can exceed €1,000. Hackers wanting to buy a virus can also be selective in their purchases. Ganan explained, saying:

“You have the entire supply chain. You can buy a package in which the criminal does everything for you or a particular part of the crime. You can contract from the entrance part of the malware and even the mules that will put the money in your account or the mixer that reduces the traceability of cryptocurrencies. ”

DDoS FOR €90

Paying in cryptocurrency or even with a bank card, a cybercriminal can buy a virus that can be launched in a few clicks of a mouse and which result in a significant Distributed Denial of Service (DDoS) attack. The cost of the service depends on the volume of computers tasked with overloading servers as well as the duration of the attack. Typically, it only costs €90 to render this level of downtime and IT chaos. Cybersecurity expert, Marc Rivero Lopez, says:

“It’s quite simple: you pay with bitcoin, with monero or even with a card and they give you access to a panel where you can do whatever you want. You put the URL, the time and the type of attack. “


Making money from the sale of physical products is becoming increasingly more challenging. The product is shipped to an address and its origin is usually traceable back to the sender. Law enforcement agencies are also cracking down on the sale of illicit goods. As such, criminals, in general, are turning to selling software to generate a lucrative income. Ganan says:

“Easy to sell software because you can receive it anywhere in the world and with total anonymity.”


Another frightening thought is that the cheapness of malicious software is instrumental in the expansion of our digital ecosystem According to data from IoT Analytics, a global IoT market research company, 7 years ago there were about 3,600 million devices connected to the Internet of Things, including activity wristbands, surveillance cameras, virtual assistants, and many more. By 2020, this number exceeded 11.3 billion. When these devices are inadequately protected, an attack can cause complete IT chaos, particularly for those IoT machines that form part of a company network. Rivero Lopez says:

“ Also, keep in mind that if these devices are in a large company or in a university, they have a lot of bandwidth.”


There’s not much you can do when a hacker or cybercriminal gang wants to buy a virus on the Dark Web. I say let them do it as they are simply wasting their money. For individuals and companies with the best cybersecurity protection, there’s not much a hacker can do, try as they may. I have over 20 years of experience in professional business IT management, specializing in cybersecurity and risk mitigation. Contact me now for the best cybersecurity solutions that money can buy.

Leave a comment