Keeping Up with Polymorphic Worms and Botnets

If you are a cracker who has written an exploit, you have a choice between fame and fortune. In the good old days, crackers chose fame. But now fortune appears to be far more appealing. Crimeware is a multibillion-dollar economy, according to Chad Harrington, vice president of marketing at FireEye, makers of a crime-stopping -- or should I say cracker-stopping -- appliance that uses virtual technology to stop an exploit before it gets into your network.

Lest you think crimeware is the domain of some 16-year-old kid with too much time on his hands, here's the multilayered reality. At the bottom level, there are the crackers. These guys sell the vulnerability information to the next level up, called bot herders.

A bot in crimeware terminology is a compromised machine. The bot herders assemble this botnet of compromised machines and sell it to what are called the fraudsters. The fraudsters use the exploited machines to steal identities, customer and employee data, intellectual property, and the like. On the open market, an exploit can be sold for as little as $200 and as much as $50,000, Harrington says.