Tuesday, October 02, 2007

The Dynamics of the Malware Industry - Proprietary Malware Tools

The Underground Economy's Supply of Goods and Services

The demand for private malware tools such as crypters, loaders and droppers is in step with the supply of such tools, a market model whose higher profit margins satisfy both the coder of the tool, as the seller, and the buyer, who is willing to pay a higher price for an undetected malware tool rather than use the publicly available ones, which therefore have a high detection rate. The seller's one-to-many market proposition may generate sales on a volume basis, but the more people have the malware tool in question, the more commoditized and thus ineffective it gets, and the more easily it falls into the hands of an anti-virus vendor or a researcher. And so proprietary malware tools started emerging, ones that only a small number of people have access to. Nowadays, the malware industry is slowly maturing into a services-oriented economy as the logical evolution from a products-centered one, further accelerating its dynamics and future growth. What follows once goods and services both mature as a concept? Outsourcing, which as a matter of fact is already happening.

The Invisible Hand of the Malware Coder

The concept of proprietary malware tools is a very interesting one, mainly because the coders of the malware tools are exercising control over the supply and distribution of the malicious goods in order to earn a higher return on investment and to ensure the customer gets the best product ever, one that must remain undetected for as long as possible. With respect to distribution, it's sort of a self-regulation issue, mainly because the buyer who spent a significant amount of money to obtain the latest malware tool will not leak it online and turn it into a commodity. As for the seller, he's ensuring that the tool will be sold to, for instance, five different people, no more and no less, since the perceived value and coder-added exclusiveness will result in a very high profit margin.

The market gets even more dynamic with the possibility for the buyer to exchange the malware tool he obtained at the over-the-counter market. By doing so he would limit the tool's exclusiveness and risk having its value come close to zero if it leaks online, and, most interestingly, his actions would have a butterfly effect on the other four people who hypothetically paid a higher profit margin price to obtain it. Given that the seller is interested in a higher profit margin only, he could either increase it and sell the tool to fewer than five people, thinking that the fewer people have it, the lower the chance it will leak or get exchanged, or, if customer satisfaction and long-term relationships matter, come up with a strategy for ensuring the tools remain exclusive, through educating his customers for instance.

Images of crypters and joiners are samples of currently available proprietary malware tools for sale.
