In the 80’s I lived in NYC. At the time, enterprising hustlers had re-introduced the old Three Card Monte con game to NYC streets. Like wide ties and frozen yogurt shops, Three Card Monte always seemed to come back into fashion. Before you knew it, the streets were full of grifters running games. Whole blocks would be lined with these low-rent con men, standing behind cardboard boxes, tossing cards and asking the suckers to put their money on the red queen.
 
How could there be that many bad guys running Three Card Monte scams at one time? Well, there was plenty of money to be made, and it drew the criminal element like flies to honey. Grifters were making a lot of money at the con and every two-bit chiseler wanted their own piece of the action. Plus, there was very little needed to get in on the scam. The barrier to entry was low. You only need three playing cards, a couple of cardboard boxes for a...

Despite the recent economic downturn, phishing and spam scams are still profitable for attackers, possibly because phishers are able to quickly target their scams to match prevailing attitudes. For instance, phishers are enticing potential victims with lures that spoof well-known financial institutions and which promise easy access to low-interest loans and credit. Spammers are also attempting to use the uncertainty of the financial situation to their advantage. While it might be expected that spam offering stock market tips or other financial opportunities would drop off during a period of market uncertainty, it is likely that such a drop-off would be balanced out by an increase in spam offering such recession-related enticements as low-interest loans and easy access to credit.

Many phishing attacks that spoof financial services brands prompt users to enter credit card information or banking credentials into fraudulent sites. If this ruse is successful, phishers can then...

The prevalence of Web-based applications and the ease of which these applications can be exploited using vulnerabilities have contributed to the widespread nature of Web-based attacks. Attackers can successfully reach and compromise a massive number of targets, and this remains as the source of motivation behind Web-based attacks. Attackers who wish to take advantage of client-side vulnerabilities no longer need to actively compromise or break into specific networks to gain access to those computers. Instead, by attacking websites, attackers can use them as means to mount client-side attacks.

An attacker can exploit any number of Web application vulnerabilities, such as SQL injection vulnerabilities, to help mount their Web-based attack. Surprisingly, many of these vulnerabilities are not used to directly compromise enterprise data assets or gain access to sensitive information. They are used simply as a way of injecting malicious content into websites as a means of...

The newly released Symantec Report on the Underground Economy discusses a number of topics, including the supply and demand of goods and services that were advertised for sale in the underground economy. This information was gathered by monitoring various IRC channels devoted to the commerce of these good and services. In particular, I’d like to highlight some of the things we observed in analyzing the trade in malicious tools.

One of the things we observed is that the underground economy is self-sufficient. What this means is that the tools necessary to produce goods and services are also available for sale in the underground economy. This indicates that the market has matured enough that productivity gains can occur through the division of labor; i.e., the economy makes it viable for individuals to increasingly specialize in the tasks they excel at. This is where...