Online criminals take on the trappings of business

Can you believe it? Service Level Agreements for software written specifically for criminal purposes? Welcome to cybercrime in the Web 2.0 world.

“It’s an ecosystem,” says Rik Ferguson, senior security advisor at Trend Micro. “People have defined functions within that system.”

He says he has been criticised for using terms such as malware-as-a-service – malware being malicious software. “But the business has become as mature as that. The latest viruses are extremely well written and coded, even incorporating up-to-the-minute bug fixes in the encryption technology.”

Security experts are agreed that the nature of cybercrime has changed over the years. There have been three phases, says Greg Day, analyst with the security group, McAfee.

The first was the heyday of the amateur hacker – the writer, for example, of the Melissa virus: “These were stereotypical, sat-in-the-bedroom types doing it to prove they were very smart.” In the second phase, criminally minded hackers used their skills to commit cybercrimes on their own account.

In the third and current phase, professional criminals have moved in en masse and malware writers are adopting a lower profile, selling their products over the internet, rather than exposing themselves to legal sanctions.

To read the complete article, please click here.