Malware off the shelf, malware as a service

September 7, 2007 at 9:16 pm Leave a comment

The BBC recently had an article on how malware off the shelf makes hacking easy for the novices.

Whether you’re looking for a complete product with 12 months technical support or just a component, it’s out there for sale.

The market resembles that for “normal” software. Hacking groups operate volume pricing schemes and discounts for loyal customers. Market economics also apply with the sheer number of tools for sale driving down prices. In turn, this drives the hackers to specialise, offer custom coding, and boutique attacks.

Along the same lines, security guru Peter Gutmann gives a great presentation called The Commercial Malware Industry (pdf, 670 KB). In it he describes how the malware industry today is at a “serious money can buy serious expertise” stage. Spam vendors are now employing professional linguists and phishers are using psychology graduates to scam victims.

Zero day exploits are now bought and sold online. A sophisticated affiliate model operates. Malware is available as a service with video tutorials, try-before-you-buy, skinnable interfaces (!), and plenty of outsourcing vendors in Russia.

And just like in real life, the one who makes the most money is the middleman.

Peter’s presentation has a lot more technical details but the bottom line is chilling: the geekiest of geeks will have to go to great lengths to protect themselves; for everyone else, “put you head between your legs and…”

Entry filed under: fraud, network, security, strategy.

3 privacy videos worth watching Social networking puzzle

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter


%d bloggers like this: