Speaking at the Vasco Banking Summit in Sydney yesterday, the company's technical account manager, Vlado Vajdic, told delegates that cyber crime was becoming so business-like that online offerings of malicious code often included support and maintenance services.
Additionally, he said, cybercrime outsourcing would become a key trend in 2009.
"It was inevitable that services would be sold to people who bought the malware toolkits but didn‘t know how to configure them," Vajdic said.
"Not only can you buy configuration as a service now, you can have the malware operated for you, too. We saw evidence of that this year."
"Investors get malware developers to write code for them and then get the writers to host and distribute it, too."
Vajdic showed delegates an email purported to be from a malware 'provider' offering hosted services for an extra $50 for three months.
Vasco's regional director for Pacific, India and Japan, Dan Dica, said company researchers buy the kits online and disassemble them to try to learn the secrets of their programming.
"The kits come with maintenance, support and a user guide," Dica said.
"For $400 you can become a hacker."
Vajdic said that toolkit creators increasingly appeared to apply commercial development techniques in their creation.
"There's evidence of solid software engineering practices being built into them," he said.
"Today's bad guy is a business person that attracts investment, has malware writers working under them and probably even employs a project manager. These people are high-flyers."
Vajdic also said that the malware writers often viewed themselves as being involved in a legitimate business.
"They say it is spyware or that it's for research purposes only and they can't control what you do with it," Vajdic said.