The January “Linux Format” carried an excellent interview with Ross Anderson, professor of security engineering at Cambridge University, one of the founders of security economics as an academic discipline, and author of “Security Engineering: A Guide to Building Dependable Distributed Systems.” In response to a series of questions about software quality and hackers, Dr. Anderson briefly summarized his explanation of the life-cycle of a compromised host.
"In the criminal underworld, there's a set of separate economic forces that determine what the exploitation pattern will look like. What, for example, are the economics of running a botnet? Well, we know that when machines are captured, typically hackers do such high-value exploits as they can – keyloggers for bank data, and that sort of thing – and then they go down the food chain. Compromised machines may end up being used to send spam, and then once they're blacklisted by all the spam filters, they'll end up being used for distributed denial-of-service attacks."
Perhaps this explanation of how criminal economics shapes what happens on the PC front would be useful when we argue for continued funding of desktop and server protection.
— References —
Linux Format: http://www.linuxformat.co.uk/index.php
“Security Engineering: A Guide to Building Dependable Distributed Systems.” http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/