Hackers will settle your scores online (prices start at £50)

Charles Arthur, Technology Editor
Saturday 31 July 2004 00:00 BST

Organised criminals have drawn up a price list for internet attacks ranging from raids on betting websites to sending e-mails for spammers.

A multi-million pound underground economy is growing up through the sophisticated use of internet sabotage involving extortion, blackmail and fraud.

Sending a million e-mails to an enemy costs up to £50. A programme to hijack users' internet browsers to display a pornography site will set you back around £200. And between £8,000 and £12,000 will buy a full-blown assault on a website.

This week two new computer viruses emerged which proved that their writers no longer do it for idle recreation. Instead, they aim to set up "zombie networks" of thousands of virus-infected PCs, to offer as tools for criminals to exploit and attack the wider internet.

On Monday the MyDoom.O virus spread so rapidly that it took over thousands of machines around the world, with the side-effect of paralysing the search engine Google because the virus used it to search for more machines to infect.

Within 48 hours a second virus, called Zindos, appeared which used only those machines infected with MyDoom.O to launch an attack on Microsoft's website.

"Zindos was able to use those machines because it knew the equivalent of the secret knock on the door that could control them," said Graham Cluley, senior technology consultant at the antivirus company Sophos. "Both viruses were written by the same guy. And it's clear some viruses are written purely to create a network of 'zombie' machines which can be used to do anything the virus writer wants."

A "zombie" machine appears normal, but unseen to the user, an electronic "back door" allows the virus writer to control it remotely, to send out e-mails, store pornography, or attack a particular site. The only way to reclaim such a machine is to run up-to-date antivirus software and use a firewall to prevent unknown internet links.

However, many people are ignorant of those dangers. There are hundreds of thousands of such virus-infected "zombie" machines worldwide, security experts reckon. They are organised into separate groups, controlled by the owners of the viruses which infected them.

The most valuable use now for such "zombie" systems is to launch "distributed denial of service" (DDOS) attacks on websites which have to offer online services, particularly betting and financial organisations. The DDOS uses the zombie machines to make the internet equivalent of a phone call - and then hang up immediately. With thousands of machines each doing this hundreds of times per second, the site is overwhelmed by fake requests.

Simon Noble, chief executive of the Antigua-based website BetWWTS.com, said his site experienced an attack last September - followed, about 20 minutes later, by an anonymous e-mail pointing out that the site was under attack due to "a problem with your network". It suggested the company paid $40,000 (£22,000) to stop the problem. Mr Noble would not say whether he paid up - but said that in general, "everybody who has been attacked has paid". Other sites, including the British gambling site Bluesquare, insist that despite multiple attacks they have never given in.

Some British betting websites are turning to security systems to help them distribute such peak loads.

Gerard Lopez, chief executive of the internet security company Securewave, whose clients include the Ministry of Defence, said attackers were making tidy profits by finding virus programmers who could deploy a zombie network to order. He said: "Depending on how well-known the website is, how big an attack is required, and what the person who controls the zombies chooses to charge, any site can be taken out for £8,000 to £12,000."

In some cases, the attack might require a brand-new virus because many sites now use blocking systems that refuse any connection from PCs known to be infected.

The criminals might even forgo the cost of a second attack - judging that the first will have been warning enough if a target pays up.

However, the online gambling business applauded the arrest last week of three men in Russia after payments to the gangs - made on the National High-Tech Crime Unit's advice - were traced from the UK to the Caribbean, and then to Latvia and Russia.

The value of "zombie" networks to virus writers became clear earlier this year, when the online equivalent of a gang war broke out between the "Netsky" and "MyDoom" gangs. They wrote wave after wave of competing viruses, apparently with the intention of taking over rival zombie machines.

Len Hinds, the policeman heading the NHTCU, warned companies not to give in to extortion: "It's the same game as the Krays played," he said. "They say they'll stop, but they won't. They'll come back."
