Dec 1, 2008

A peek at the "economy" around us

Back in the day (circa 2004) I was somewhat involved with malware research (detection, prevention, etc.)... for the good guys -- namely Symantec and Florida Tech. About that time I was reflecting on some risk analysis, mainly to get a bit more realistic picture of the economic aspects of vulnerabilities, exploits, malware, etc. Although the market was young at the time, there were signs of financial incentives for the bad guys.

Recently, Symantec published their Report on the Underground Economy. From their blog:
A scanner for remote file include vulnerabilities sold for an average price of $26, and ranged from $5 to $100.

A scanner for cross-site scripting vulnerabilities was advertised for an average price of $20, and prices ranged from $10 to $30.

Exploit links to websites that are affected by remote file include vulnerabilities were sold in bulk—100 links could be obtained for an average price of $34 and 200 links could be obtained for an average price of $70.

SQL injection tools were sold for an average price of $63, and ranged from $15 through $150.

No comments: