For 'Malware As a Service' Merchants, Business is Booming

They are well organized. They pay close attention to product quality, working hard to make it effective and scalable. They are all about customer service, providing after-sales support. They even solicit the help of their customers in product development.

By Taylor Armerding
Wed, February 01, 2012
. What's this?

CSO — They are well organized. They pay close attention to product quality, working hard to make it effective and scalable. They are all about customer service, providing after-sales support. They even solicit the help of their customers in product development.

All admirable qualities. But all in the service of theft.

They are malware merchants; in the business of helping others steal from legitimate businesses and innocent consumers. And they have evolved to the point where they operate much like the legitimate software industry. It is possible to buy malware from what amounts to an app store, or to contract for Malware as a Service (MaaS).

"The life cycle of (malware) products is the most amazing aspect," writes Pierluigi Paganini, a certified ethical hacker and founder of Security Affairs in Italy, in an article posted this past week on Infosec Island. "From design to release to after-sales support, each stage is implemented in every detail with care and attention."

One of the most famous examples is the Zeus Trojan, designed to steal banking information, which can be customized with new features demanded by its customers. There are an estimated 3.6 million computers in the U.S. that have been compromised by Zeus botnets.

In early January, the Israel-based security firm Trusteer reported on a new version of the SpyEye Trojan that, somewhat like a security camera hack, swaps out banking web pages to prevent account holders from noticing that their money is gone.

Not that the botnet market is new. But it is maturing, and is more diversified and dangerous than ever.

Kevin McAleavey, cofounder and chief architect of the KNOS Project outside Albany, New York, who has spent more than a decade in antimalware product development and research, says this is a logical progression. "Today's 'professionals' were once amateurs, and by that I mean the authors of the malware itself," he says. "It should come as no surprise that what may have once been done 'for fun' can readily be monetized by criminal and government elements for their own purposes."

The modern malware developer and distributor, he says, is selling not just the malware itself, but "the means to keep it hidden and from being detected."

But, if these merchants of malware are operating like businesses, can't authorities just track them down and shut them down?

Not so easily, it turns out. Most use the so-called " Onion Router," which lets users conduct business anonymously.

"The only time one has a chance to track down individuals is when they rat each other out," says McAleavey.

Continue Reading

Originally published on www.csoonline.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Measuring the Business Value of CI in the Data Center
One of the key strategies that IT teams are pursuing to reduce capital costs while boosting asset utilization and employee productivity is the transition to highly virtualized data centers. However, IDC finds that expectations for further boosts in IT asset use and operational efficiency often surpass the actual results for a variety of reasons. These problems can quickly overwhelm any hoped-for benefits as the scope of virtual server deployment expands.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
The CFO Guide to Budgeting Software
A mid-sized business needs the same financial performance control and measurement capabilities as a large corporation, but in a solution that's affordable, easy to implement and scalable. This guide simplifies the search by helping CFOs understand the 10 must-have characteristics of today's best financial performance management solutions.
Better Cash Flow Management: Recession-Proof Your Business
Cash is the lifeblood of most small to mid-sized organizations. So why rely on error-prone spreadsheets for forecasting cash flow and risk making the wrong decisions? This white paper explores what a best-in-class budgeting and planning application could offer in the spreadsheet's place.
Centage/IOMA Budgeting Survey: Benchmarks and Issues
How are other financial professionals dealing with the issues you face? This report offers you an inside peak into what the minds at over 200 financial executives are thinking and doing to impact their own bottom line.
Case Study: Audi-Volkswagen Improves Procurement Control
Audi-Volkswagen required a user-friendly, easy-to-use Business Process Management system that did not require programming skills or high levels of technical expertise in-house. This case study looks at the decision making process that Audi-Volkswagen went through, including a tender involving six companies, and describes why they choose to work with Kofax to supply a Business Process Management system.
AIIM Market Intelligence: The paper-free office, dream or reality?
In this Aiim Market Intelligence report, produced in association with Kofax, we look at the success of paper-elimination projects, where and why paper is still leaking into the business, the features and success of scanning and capture investments, forward plans for document process outsourcing (DPO), and the potential impact of mobile devices.
Webcasts »
Optimizing the world of IT for end-users: Balancing freedom and choice with security and compliance to meet business
Download this eSeminar to hear from experts Ziff Davis Enterprise, VMware and HP and learn how client-side virtualization can improve your organization's performance, while reducing the IT burden of managing and maintaining an increasingly diverse client universe.
Introduction to Virtualization
Have you been thinking about what it would take to start using virtualization? Or do you know the basics and want to find out more? No problem. This webcast is designed for anyone with little to no knowledge of virtualization technology. Attend this webcast to learn:

-A basic overview of the business value of the technology and some key capabilities that make virtualization so valuable to IT and the businesses you serve.
-The basics for creating virtual machines and the key choices that can be made along the route to deployment.
Cloud-based Contact Center: Is it Right for Your Business?
View this on demand webcast to learn if moving business communications to the cloud is right for your business. Featured industry experts DMG Consulting LLC president, Donna Fluss, Frost & Sullivan principal analyst, Michael DeSalles, and Interactive Intelligence senior vice president, Joe Staples discuss this topic and help you answer your pressing questions at the conclusion of this web event.
Must have Tools and Techniques to Optimize the Sales Pipeline and Win more Deals
In this webcast, Vantage Point Performance's Michelle Vazzana will reveal how to coach your reps to better performing pipelines.
Sales Effectiveness in the New Sales Paradigm - A Webcast Featuring the Latest Forrester Research Study
In this webcast produced by the Sales Management Association (SMA), Forrester's Scott Santucci will explore the new sales paradigm and discuss how businesses must transform their selling models into dynamic, communications-intensive systems, empowering individual sellers to define, create and deliver value to customers.
SAP Sales OnDemand Demo: Quick Overview
SAP Sales OnDemand is intuitive, leveraging social collaboration capabilities you already know how to use. It enables fast, effective team collaboration and account management to help you sell more effectively. Watch the video to see how!
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Measuring the Business Value of CI in the Data Center

The CFO Guide to Budgeting Software

Better Cash Flow Management: Recession-Proof Your Business

Centage/IOMA Budgeting Survey: Benchmarks and Issues

Case Study: Audi-Volkswagen Improves Procurement Control

AIIM Market Intelligence: The paper-free office, dream or reality?

Discover Options for Improving Supplier and Customer Integration

How much security do you really need?

How to Justify the Cost of a TMS by Automating Freight Audit & Payment

Message Maps: Blueprints for Pandemic Preparedness

Broker-Dealer Case Study: Reduced Compliance Burden with Perimeter's Message Archive

Comparing Free Trial and Freemium Models

CSO Insights: Improving Sales Effectiveness In a Buyer's Market

Creating New Business Models Where Digital Meets Physical

Business Execution Buyer's Guide

"IPv6 for Dummies" - A Basic Guide to the Inevitable!

Associated Newspapers Keeps Websites Competitive with VMware vFabric tc Server

Privileged Password Sharing: the "root" of All Evil

Strategic Communications Secrets from a Vice Chief of Information

"Real-World Virtualization for Your Business" eBook
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

Akamai Kona Security. Web security so you can innovate fearlessly

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Managed Hosting Buyer's Guide - Benefits to key considerations

Click to see how Accenture has delivered high performance to clients

Learn how Accenture helps clients become high-performing businesses.

Click to see how Accenture has delivered high performance to clients

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Learn how Accenture helps clients become high-performing businesses

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Gain cutting-edge insights at MIT in 2-5 day executive programs.

See how Accenture helps clients perform at the highest levels

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords