24. January 2011 · Comments Off on Panda Security goes inside the web’s black market · Categories: blog · Tags: , , , ,

Panda Security Goes Inside Web’s Black Market

PandaLabs released 44 page report called, The Cyber-Crime Black Market: Uncovered. If you are not familiar with the subject, this report is very good. Here are some highlights:

The exponential growth of malware

Five years ago, there were only 92,000 strains of malware cataloged throughout the company’s 15-year history. This figure rose
to 14 million by 2008 and 60 million by 2010, which gives a good indication of the rate of growth.

At this rate is it reasonable to rely on a signature-based approach to malware detection? No mention is made of 0-day malware. We like FireEye‘s behavioral approach to complement a signature-based approach to anti-malware.

The cyber-crime professions

Panda quotes the FBI’s list of ten different professions that make up the cyber-crime black market – Programmers, Distributors, Tech Experts, Hackers, Fraudsters, Hosted systems providers, Cashiers, Money mules, Tellers, and Organization Leaders. This division of labor should give you some idea of the maturity of the cyber-crime underground.

The process

Panda does a fairly good job of documenting the process although this section of the report could have been better organized.

The black market at-a-glance

This section show just how sophisticated the black market ecosystem is. Just like the markets we engage in every day, there are promotion, try & buy offers, discounts for volume purchases, multiple payment options, and post-sale support services.

What to do and what not to do

The report closes with some common sense advice as to what to do and what not to do to minimize your risk of cyber-fraud.