The underground economy is booming even as the rest of the economy lurches towards recession, according to a new study by Symantec. The net security giant reports that the cybercrime economy has grown into an efficient, global marketplace to handle the trade in stolen goods and fraud-related services. It estimates the combined …
A wholly independent report then!
Nothing like a well-timed bit of scare mongering to make people buy their software.
I don't even need to read it, it goes like this:
"Worlds going to hell in a handcart"
"Unamed and very shadowy groups are waiting to take your business down"
"Are you a technically inept but well meaning CEO...approach your IT department now with the words "I say, those Symantec chaps are jolly clever aren't they, buy their stuff now""
Same every time.
ISPs could do a bit more
I've been doing a lot more to track down and report IP addresses which add comment spam to various websites I run recently. The spam has advertised everything from pills of every imaginable sort, child porn, legal porn, fake bank sites, ... You name it, it's there. From the full logs that I keep it has been easy to trace the extent of each botnet, and even the relationships between parts of the botnets (the bits that look for new links, the IPs that post, etc.)
I've been reporting IPs, in particular back to UK and US ISPs who obviously have users with compromised machines.
I have yet to receive a single reply, nor has any single IP been stopped.
Close down the botnets, you could go a long way to closing down the criminality.
(Bill Gates, obviously, since he's got to take a lot of the blame for putting out the shoddy software in the first place)
you know the best malware is made in the west, there should be a law against this.
More imagination required
The advantage of being a cybercriminal is the anonymity, however this works both ways.
How does the person buying credit card details know that these are the real thing, and not just some pseudo random numbers invented by a program ?
How does the purchaser of 'compromised' IP addresses know that these are genuine, and not a honeypot designed to identify the control addresses ?
It would be relatively easy to flood the market with fake security violations, cheap - but non functional - credit card details and online banking passwords etc. The purchasers are not going to complain to the police when they find they have been ripped off.