Say you've bought a tool for infecting PCs and using them to send spam, harvest bank details and passwords, or some other criminal act — but you lack the technical wherewithal to install and maintain the tool yourself.
Have no fear: a new "cybercrime-as-a-service" industry offers hosted, maintained malware deployments that you can rent time on, eliminating the humiliation of groveling before angry teenagers with the technical skills and spare time to get your badware running.
"It was inevitable that services would be sold to people who bought the malware toolkits but didn't know how to configure them," Vajdic said.
"Not only can you buy configuration as a service now, you can have the malware operated for you, too. We saw evidence of that this year."
"Investors get malware developers to write code for them and then get the writers to host and distribute it, too."
Vajdic showed delegates an email purported to be from a malware 'provider' offering hosted services for an extra $50 for three months.
Vasco's regional director for Pacific, India and Japan, Dan Dica, said company researchers buy the kits online and disassemble them to try to learn the secrets of their programming.
"The kits come with maintenance, support and a user guide," Dica said.
I keep waiting for really solid evidence that cybercrime is as pervasive as it seems to be. The best indicator I can think of would be a cratering of cybercrime prices — say, botnet owners slashing prices and desperately spamming all and sundry looking for someone who'll pay to use their bots to DDoS an enemy or victim.
Cybercrime-as-a-service takes off