As with mainstream software providers, the creators and owners of crime-ware toolkits provide 'customers' with update mechanisms, along with sophisticated anti-forensic attack techniques.
They also offer the ability to manage and monitor malicious code affiliation networks.
Researchers at Finjan's Malicious Code Research Center warned that this model creates a new level of crime-ware by supplying an easy-to-use toolkit.
"We are seeing the rise of a new business model in the crime-ware toolkit market," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"Cyber-criminals and organisations are getting better at protecting themselves from law enforcement by using crime-ware services, especially since the operator does not necessarily conduct the criminal activities related to the data being compromised but only provides the infrastructure for it."
Cyber-criminals can now generate more targeted infections and deliver specialised crime-ware for specific geographical regions, according to Ben-Itzhak.
"Criminals are employing marketing and sales techniques to address the cyber-crime economy and ensure that the market they are after gets the proper localised 'product'," he said.
Finjan foresees the next phase in the commercialisation process as creating a service to get straight to the stolen data by providing the victim's data tailored to the criminal intention.
Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a crime-ware toolkit platform.
Cyber-crooks turn to managed services
By
Clement James
on
Apr 9, 2008 7:22AM

Security experts have warned that criminals are increasingly turning to a managed services model to avoid having to deal with the technical challenges of internet crime..
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see