URL to an interesting from CNet News article about the brave new world of
malware and cybercrime economy
First few paragraphs
""Over the years, the criminal elements, the ones who are making money,
making millions out of all this online crime, are just getting stronger and
stronger. I don't think we are really winning this war."
As director of antivirus research for F-Secure, you might expect Mikko
Hypponen to overplay the seriousness of the situation. But according to the
Finnish company, during 2007 the number of samples of malicious code on its
database doubled, having taken 20 years to reach the size it was at the beginning of
There seems to be some serious evidence then for the idea of _an evolution
from hacking and virus writing for fun to creating malicious code for profit_
0.html) . Security experts are increasingly pointing to the existence of a
"black" or "shadow" cybereconomy, where malware services are sold online using
the same kinds of development methods and guarantees given by legitimate
It is difficult to establish exactly how organized this malware economy is
but, according to David Marcus, security research manager at McAfee Avert Labs,
it's relatively straightforward to buy not only the modules to build
malware, but also the support services that go with it. <
"If it weren't for Storm, bots would be in significant recession. Some days
we're seeing 1,000 different variants a day."
--David Marcus, security research manager, McAfee Avert Labs
"From Trojan creation sites out of Germany and the Eastern bloc, you can
purchase kits and support for malware in yearly contracts," said Marcus. "They
present themselves as a cottage industry which sells tools or creation kits.
It's hard to tell if it's a conspiracy or a bunch of autonomous individuals who
are good at covering their tracks."
As well as kits and support, legions of compromised computers, or botnets,
can be hired for nefarious purposes--usually for spam runs, or to perpetrate
denial-of-service attacks. One of the most successful botnets of 2007 has been
"Storm," so-called due to the hook-line used to trick victims into opening
e-mails containing the Trojan horse. In January, the first malware was sent out
with the tagline "230 dead as storm batters Europe."
(entropy always wins)
**************Wondering what's for Dinner Tonight? Get new twists on family
favorites at AOL Food.
[Non-text portions of this message have been removed]