As with mainstream software providers, the creators and owners of crime-ware toolkits provide 'customers' with update mechanisms, along with sophisticated anti-forensic attack techniques.
They also offer the ability to manage and monitor malicious code affiliation networks.
Researchers at Finjan's Malicious Code Research Center warned that this model creates a new level of crime-ware by supplying an easy-to-use toolkit.
"We are seeing the rise of a new business model in the crime-ware toolkit market," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"Cyber-criminals and organisations are getting better at protecting themselves from law enforcement by using crime-ware services, especially since the operator does not necessarily conduct the criminal activities related to the data being compromised but only provides the infrastructure for it."
Cyber-criminals can now generate more targeted infections and deliver specialised crime-ware for specific geographical regions, according to Ben-Itzhak.
"Criminals are employing marketing and sales techniques to address the cyber-crime economy and ensure that the market they are after gets the proper localised 'product'," he said.
Finjan foresees the next phase in the commercialisation process as creating a service to get straight to the stolen data by providing the victim's data tailored to the criminal intention.
Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a crime-ware toolkit platform.
Cyber-crooks turn to managed services
By Clement James on Apr 9, 2008 7:22AM