This report examines the digital marketplaces and methods through which botnets—networks of compromised computers controlled by a central "botmaster"—are illegally traded.

: Purchasing the underlying code of a botnet allows a buyer to build and manage their own infrastructure from scratch. Pricing Factors

: Sites accessible only via the Tor browser often host listings for "DDoS-for-hire" services (sometimes called "Booters" or "Stressers") and "Installs" (access to a specific number of infected machines).

: Buyers pay for their malware to be installed on a set number of already infected devices (e.g., $100 for 1,000 "installs" in a specific geographic region).

It is important to note that under various international laws, such as the Computer Fraud and Abuse Act (CFAA) in the U.S. Engaging in these marketplaces also poses a severe security risk to the buyer, as these platforms are frequently monitored by law enforcement and "sellers" often distribute backdoored software to infect the buyers themselves.

Botnets are primarily sold within the and specialized underground cybercrime forums. These platforms operate as illicit marketplaces where buyers can purchase access to pre-infected networks or hire services to launch attacks.

The cost of a botnet varies significantly based on several "quality" metrics:

: Users pay a subscription fee to use a botnet’s power for short-term Distributed Denial of Service (DDoS) attacks against specific targets.