News Stay informed about the latest enterprise technology news and product updates.

New hacker skills optimize revenue

Cybercriminals take tips from business pros to expand their reach, optimize revenue and make the most money with the least amount of investment.

Malware is evolving into a rewarding, mature high-tech market, and it's not surprising that the financial incentives of developing and peddling malware can outweigh the risk of penalties that include spending quality time in jail.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Malicious code developers may not be business school graduates, but they appreciate basic business principles to expand their addressable market; optimizing revenue from the install base and leveraging technology. That was the takeaway from the Cisco 2009 Midyear Security Report, an excellent summary of the major malware activity written for a less-technical executive audience.

The nature of most malicious activities on the Internet has forced cybercriminals to find ways to maximize returns and do so in a more polished, business-like way. There's no doubt that most tech vendors will recognize the activities below.

  • Expand the addressable market. One way to grow a business is to grow the number of prospects the business sells to. Given a sales closure percentage, more prospects generally leads to more revenue. Malicious teams are constantly using new skills and techniques to reach unprotected endpoints. Spam is the most effective means of attracting new endpoints. According to Cisco and the Messaging Anti-Abuse Working Group, spam attacks are easy to implement, difficult to trace to the source, and generate a predictable revenue stream.

  • Mine the install base. Every business knows it is easier to farm the install base then it is to hunt new customers. Malicious developers of botnets make money by utilizing the software real estate of their installed base. Bots that are initially designed as launch platforms for low-and-slow spam activity are rented or sold to other attackers for lucrative ID theft, denial-of-service attacks, or other spam campaigns. It has reached the point where botnet owners now have to use security methods to protect their installed base from competing botnet developers.

  • Sustain and innovate technical differentiators. High-tech vendors emphasize their technical differences from competitors to market the best solution to customer problems. Those with poor differentiation usually are forced to compete on price and to live on thinner margins. The attack trend is to differentiate and move quickly with new technology to keep ahead of security researchers. Look for malware developers to continue to innovate with DNS redirection, new forms of spam, harder to detect botnets, website hacks, and Web 2.0 malware designed for social networking (e.g. Facebook), social communications (e.g. Twitter) and social mobile devices (e.g. iPhone applications).

Ironically, it is the Conficker Working Group itself that provides a lasting example of the agility attackers display in applying basic business principles. While is the published site of the multivendor security working group, is a cybersquatter site. It seizes the opportunity presented by Conficker publicity to expand the addressable market of site visitors, mines that base with malware (including a button for the Conficker Worm Remonal – sic), and seems to employ multiple malware technologies as a differentiator. It is a perfect illustration of how easy it is to set up an attack and how difficult it is for security to distinguish between a predatory site and one that is just distasteful. Readers of are savvy enough not to venture near this site. If you do not see a column from me next week, you'll know that I made a mistake and my computer just went up in smoke ;).

Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to

Dig Deeper on Hacker tools and techniques: Underground hacking sites

Botnet research suggests progress in cybercrime war The recent arrests of those suspected of being connected to the Mariposa botnet and the legal action by Microsoft to take down the command and control of the Waledac botnet may be a sign that those defending the Internet are gaining ground against botnets and the cybercriminals behind them. But a complex web of legal and jurisdictional issues remain, said botnet expert Joe Stewart, director of malware research at SecureWorks Inc. In a wide ranging interview at the 2010 RSA Conference, Stewart explained whether the tools and the resources are available to win the botnet war. He said more work needs to be done before victory can be declared. As soon as a botnet is taken down, cybercriminals have shown they can quickly rebound, deploying new bots to spread malware and harvest data, Stewart said.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.