"Cyber-crime nowadays takes many forms, and perhaps even more dangerous than botnets are the targeted attacks that we have witnessed recently," explains Luis Corrons, director of PandaLabs. "The biggest problem lies in their secrecy: a large company could be serving the interests of a group of malware creators without realizing it. Many of their computers could be at the disposal of these cyber-crooks, with all the legal implications that this might have for the company itself." Until now it is a risk that companies have not considered sufficiently, but one which is no longer possible to ignore."
Most of the successful attacks exploit the most vulnerable facet of every companies defense. It's people. Targeting executives within a specific industry group such as the savings and loan sector is a good example. The global marketplace for reselling data about people is now showing exponential growth. Once the executive clicks on a link inside what looks like a legitimate email he has opened his network to a potential new "Zombie".
Why do the spammers, pharmers and spear phishers continue to invest in these types of attacks? It's good for their criminal business.
The FBI recently snared a 20-year-old hacker (Jeanson James Ancheta) whom they believe wrote computer code to assemble botnets and sell access rights after he was lured into a trap. Ancheta in his plea accepted responsibility for selling botnets and directing zombie machines to surreptitiously download adware besides intruding into government computers.
Ancheta is understood to have as a result benefited by $3,000 from botnet sales and $60,000 from the clandestine adware downloads. With close to 400,000 machines under his control, Ancheta was doing well enough to gift himself a BMW.