Online Crime Pays

dollarsign.jpg Why Internet security professionals are losing:

Today, few malware developers use their own code. They write it for the same reason commercial software developers do: to sell it for a healthy profit. If you’ve ever bought anything online, buying from them may be disconcertingly familiar. If you want to break into a computer or steal credit card numbers, you can buy the necessary software online, just like almost anything else. More than that, you can find user friendly, point-and-click attack applications that have been pre-tested and reviewed by experts, and read through customer feedback before making your purchase.

You might even be able to buy technical support or get a money back guarantee. Some developers offer their malware through a software-as-a-service model. If you prefer an even more hands-off approach, you can simply buy pre-screened credit card numbers and identity information itself, or sign a services agreement with someone who will do the dirty work for you. As in many other industries, money has given rise to professionalism.

Online crime and malware development has become a full-blown and extremely profitable commercial enterprise that in many ways mirrors the legitimate software market. "We’re in a world where these guys might as well just incorporate," says David Parry, Trend Micro’s Global Director of Security Education. "There’s certainly more money in the cybercrime market than the antivirus market. The internet security industry is a drop in the bucket; we’re talking about hundreds of billions of dollars."

Computer crime is slicker than you think, By David Raikow, CRN, 16 August 2007 08:04AM

Makes you wonder how long until traditional security companies get bought out by newly-IPOed offshore malware corps.