CONCLUSION

Commercialization of malware evolved into its own underground economy, complete with competing organizations, well-defined business models, and mergers and acquisitions. The phenomenon of having malware construction kits available to anyone creates a continuously morphing geographically and politically distributed attack vehicle that is difficult to detect and defend against.⁶⁷ More people with “criminal intent,” who previously did not have the tools and the know-how to steal and defraud online, now have this ability along with the tools. What is worse, since the ability of releasing malware into cyberspace is accessible to the masses, these masses can be manipulated or persuaded by governments to launch cyberattacks against their adversaries without “officially” engaging in acts of cyberwarfare.

It has been mandated by the US President Barack Obama to:

… continue to invest in the cutting-edge research and development necessary for the innovation and discovery we need to meet the digital challenges of our time.⁶⁸

Innovative actions against commercially available malware will be at least a part of the solution.

Reactive defenses, such as firewalls and antivirus checks, are no longer effective. The only way to deter the “entrepreneurs” of the malware underworld and their consumers is to turn their weapons against them. It means actively striking back using specialized botnets, viruses, and software agents directed at the makers and the consumers of such malware, striking them at the source, exposing their identities, and disabling their own computers and networks.

While there are various laws and statutes to deal with those who employ computer programs such as viruses or even “unintended malware” to:

infect other computer programs or computer data, consume resources, modify, destroy, record or transmit data, and disrupt normal operation of a computer system,⁶⁹ there are, it would appear, no adequate laws to deal with producers of malware toolkits.⁷⁰ Special laws should be established to criminalize production of malware components for sale as well as for buying them, even if the producers or buyers themselves do not use them.

Will these measures completely deter all the producers and consumers of malware toolkits? These measures will probably not deter all, but they will deter some – and this is a start.

⁶⁷ Ollmann, Gunter. “How Criminals Build Botnets for Profit.” Central Ohio InfoSec Summit, Columbus, OH. 2011.

⁶⁸ Obama, Barack. “Remarks By The President On Securing Our Nation’s Cyber Infrastructure.” The White House. May 29, 2009. www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyber-infrastructure (accessed April 30, 2011).

⁶⁹ Virus/Contaminant/Destructive Transmission Statutes, National Conference of State Legislatures. www.ncsl.org/default.aspx?tabid=13487 (accessed May 28, 2011).

⁷⁰ Ollmann, Gunter. “How Criminals Build Botnets for Profit.” Central Ohio InfoSec Summit, Columbus, OH. 2011.