CYBEREYE

Crimeware becomes commodity

• By William Jackson
• Sep 02, 2011

When Noah was on his ark and it had already been raining for 39 days, was it really newsworthy that the forecast for the next day called for more rain?

That’s something like the situation we are in today when we go online. Spam, malware, data breaches and online crime have become so common that it is difficult to know when an incident is newsworthy.

---

Related coverage:

Cheap SpyEye code threatens to proliferate malware

Bank-robbing ZeuS Trojan returns: Is it just good business?

---

Selective, high-profile breaches have been increasing for the past two years. For a little while at least, that trend was offset by a reduction in the amount of malware being delivered to our inboxes via spam. That has changed, however, according to M86 Security, which reported an epic surge in spam containing malicious attachments in the first two weeks of August. One researcher speculated that it was because of a rebuilding effort on the part of bot herders whose botnets had been decimated by legal action in the past year.

To make things worse, crimeware is becoming a commodity, as sophisticated hacker toolkits that have fetched high prices on the black market are going open source. Source code for the venerable and sophisticated ZeuS Trojan malware became available free on the Internet last spring, and now a reverse engineer has cracked the licensing protection for the SpyEye botnet kit, making it available on the cheap.

Forecast for tomorrow: Rain likely. But then again, once you’re in over your head, do a few more inches really matter?