Between the Lines

Larry Dignan, Andrew Nusca and Rachel King

Follow the money: The ROI of scareware, spyware, click fraud, pharma spam

By Larry Dignan | December 7, 2009, 9:01pm PST

Massive banking exploits and easy-to-deploy threats will be more prevalent in 2010, but the real cash cows will remain scareware, spyware, click fraud, advance-fee fraud and pharma spam, according to Cisco’s annual security report.

The report, which largely highlights the security threats to social networking, features an interesting matrix dubbed the cybercrime return on investment. If you ever wonder why threats are growing so rapidly, all you have to do is follow the dough.

Cisco based its matrix on Boston Consulting’s growth-share matrix with a twist. Here’s a look:

Judging from this chart you can expect scareware, click fraud and pharma spam to stick around for a while. Why ditch a moneymaker just for variety?

What remains to be seen is whether social networking threats become cash cows. Wouldn’t it be ironic if criminals found a better way to monitor social networks than the actual sites themselves?

Among other key items in the report:

  • Cisco deems the Zeus.A Trojan, which delivers malware via targeted phishing and drive-by downloads, the most audacious criminal operation.
  • Koobface, which appeared on Facebook in 2008 and Twitter in 2009, is the most notable criminal innovation. Koobface lures users into clicking a link for a YouTube video that launches the worm. More than 3 million computers have been infected by variants of this malware.
  • Social media is an emerging spam vehicle, but the old pharma spam still works well. The Annual Security Report estimates that in 2010, spam volume will likely rise 30 to 40 percent worldwide over 2009 levels.
  • Cisco cooked up “the Cisco Global ARMS Race Index” which measures “Adversary Resource Market Share” (ARMS) and provides a way to track the overall level of compromised resources worldwide—the networks and machines currently under “adversarial control.” It’s a Richter Scale for security.



Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic.

Disclosure

Larry Dignan

Larry Dignan has nothing to disclose. He doesn’t hold investments in the technology companies he covers.

Biography

Larry Dignan

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CNET News.com. Larry has covered the technology and financial services industry since 1995, publishing articles in WallStreetWeek.com, Inter@ctive Week, The New York Times, and Financial Planning magazine. He's a graduate of the Columbia School of Journalism and the University of Delaware.


7 Comments

If you ever wonder why threats are growing so rapidly all you have to do is follow the dough.

And the ABMers insisted it wasn't true.
0 Votes
Thanks for the FUD
rock06r 8th Dec 2009
If you read the story critically rather than just peeking at the pretty pictures, you would understand that every single one of the exploits listed is (a) platform independent or (b) server/cloud based. Why on earth that has anything to do with "Windows" or "Mac" or "Linux" is beyond me. But hey, start the blame game with the very first post. At least you can claim you were first.
0 Votes
LOL!
ye Updated - 8th Dec 2009
If you read the story critically rather than just peeking at the pretty pictures, you would understand that every single one of the exploits listed is (a) platform independent or (b) server/cloud based.

You'll need to take this up with Dietrich where he says:

"But, the primary vector is via security defects present in Microsoft Windows."

http://talkback.zdnet.com/5208-10532-0.html?forumID=1&threadID=72438&messageID=1402705&tag=content;col1

This ought to be good. A battle of the ABMers!

Oh, and if we're to accept your argument then I don't want to hear anything about switching to some other platform to protect yourself. You can't have it both ways. But I know you'll try.
0 Votes
Sorry, where is the FUD?
denderick 8th Dec 2009
I think the platform question was raised for exactly the reasons you claim it to be irrelevant.

I believe the point was that windows infection rates has/had less to do with the softness of the target and everything to do with the payoff, i.e. against faith-based fanboy security illusions.

Note that you identify the delivery mechanisms as platform independent, but the TARGETS are not. It is not the cloud apps/servers being infected, but enterprise and consumer clients.

Which targets will see more focus? The ones that pay off, which mostly relates to market share in my opinion.
0 Votes
Bing ye ....
n0neXn0ne Updated - 9th Dec 2009
.... Just get a clue on a subject, any one will do. Just get one.

^o^

0 Votes
Many factors
D T Schmitz Updated - 8th Dec 2009
But, the primary vector is via security defects present in Microsoft Windows.

Spam email is a subject unto itself.
The remedy for spam email is radical but obvious.

For example, we enclose our letters in envelopes, do we not?
Why?: Privacy.
The solution for elimination of spam is to 'close down' the weak link in MIME format: sender id.

All emails sent are by default 'clear-text'.

How?: Employ GnuPG signed certificates.
But will everyone use encrypted email?

Only if:

1) There is a mandate and international treaties to enforce uniform use, with enforceable penalties for non-compliance.

The effect:

Assumptions can be made by ISPs to check MIME headers for the presence of GPG signed certs and if email is not compliant, handle shunting said email in conformance with mandated guidelines.

All emails sent with signed GPG certificates (can only be signed by humans) will eliminate spambots' ability to send email from a compromised system.

The mode of transmission is severed and spam email ceases to thrive and exist.

General Security:

Consider moving PCs' inherent security issues to a more secure platform such as Linux, BSDs or OSX.
0 Votes
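The comment above proposes that ISPs check MIME headers for a GPG signature and shunt non-compliant mail according to a mandated policy. The following is an added example, written for this page and not code from the ZDNet post or any commenter, of what the structural half of such a check looks like: it parses a message with Python's standard `email` library, decides whether it carries a PGP/MIME signature structure as laid out in RFC 3156 (`multipart/signed` with `protocol="application/pgp-signature"` and a second part holding the signature block), and returns the routing decision. The three sample messages, the signature block inside them and the deliver/quarantine policy are all constructed for illustration. The example deliberately stops at structure: whether the signature actually verifies against a trusted key would require calling gpg, which this code does not do.

```python
"""Classify inbound mail by the presence of a PGP/MIME signature (RFC 3156).

Added example, not part of the ZDNet post or its comments. It checks only
that the signature *structure* is present; cryptographic verification of the
signature (a gpg call) is out of scope here.
"""
from email import message_from_string
from email.policy import default


def classify_pgp_mime(raw: str) -> str:
    """Return 'signed', 'unsigned' or 'malformed' for a raw RFC 822 message."""
    msg = message_from_string(raw, policy=default)

    # RFC 3156: a signed message is multipart/signed whose protocol
    # parameter names application/pgp-signature.
    if msg.get_content_type() != "multipart/signed":
        return "unsigned"
    protocol = (msg.get_param("protocol") or "").lower()
    if protocol != "application/pgp-signature":
        return "unsigned"  # some other multipart/signed scheme, e.g. S/MIME

    # Exactly two parts: the signed content, then the detached signature.
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return "malformed"
    if parts[1].get_content_type() != "application/pgp-signature":
        return "malformed"
    sig = parts[1].get_payload(decode=True) or b""
    if b"BEGIN PGP SIGNATURE" not in sig:
        return "malformed"
    return "signed"


def route(raw: str) -> str:
    """Routing decision under the constructed policy: only structurally
    signed mail is delivered; everything else is set aside for review."""
    return "deliver" if classify_pgp_mime(raw) == "signed" else "quarantine"


# --- constructed sample messages (not real traffic, not real signatures) ---
SIGNED_MSG = """\
From: alice@example.org
To: bob@example.net
Subject: signed note
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="sigbound"; micalg=pgp-sha256; protocol="application/pgp-signature"

--sigbound
Content-Type: text/plain; charset=us-ascii

Hello Bob, this body is covered by the detached signature.

--sigbound
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEplaceholder-constructed-not-a-real-signature
-----END PGP SIGNATURE-----

--sigbound--
"""

UNSIGNED_MSG = """\
From: mailer@example.com
To: bob@example.net
Subject: plain note
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

No signature here.
"""

# Claims to be PGP-signed in the headers but carries no signature part.
MALFORMED_MSG = """\
From: mailer@example.com
To: bob@example.net
Subject: header says signed
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="fake"; micalg=pgp-sha256; protocol="application/pgp-signature"

--fake
Content-Type: text/plain; charset=us-ascii

Only one part, so the structure is not a valid multipart/signed.

--fake--
"""

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED_MSG), ("unsigned", UNSIGNED_MSG),
                      ("malformed", MALFORMED_MSG)):
        print(f"{name:9s} -> {classify_pgp_mime(raw):9s} -> {route(raw)}")
```

The third sample shows why a header-only check is not enough: a `Content-Type` header alone can claim any protocol, so the filter inspects the part structure before treating a message as signed, and a real deployment would additionally verify the signature and the signing key before delivery.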
So what are the defenses?
ejhonda 8th Dec 2009
Traditional FW/AV defenses are pretty ineffectual against these threats. Hell, we've taken away local admin privileges from users and they still end up infected. We've done user education campaigns, and they still get infected. So what is the defense against these threats? I've attended Patrick Gray's presentations on this issue and it's pretty depressing. Some vendors offer Secure Web Gateway products, but I can find nothing on how effective or ineffective they are in providing a solution to this issue.
