Here is an interesting write up from C|Net on the malware underground.
From C|Net:
“Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don’t think we are really winning this war.”
As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.
There seems to be some serious evidence then for the idea of an evolution from hacking and virus writing for fun to creating malicious code for profit. Security experts are increasingly pointing to the existence of a “black” or “shadow” cybereconomy, where malware services are sold online using the same kinds of development methods and guarantees given by legitimate software vendors.
It is difficult to establish exactly how organized this malware economy is but, according to David Marcus, security research manager at McAfee Avert Labs, it’s relatively straightforward to buy not only the modules to build malware, but also the support services that go with it.