It is not only the Onion Router, but also the fact that they operate in countries where they are hard to reach -- Latvia, Lithuania, Ukraine, Brazil and others -- where McAleavey says enforcement is lax. "Generally, these 'kids' are smart and don't leave much in the way of tracking data," McAleavey says. "They know how to layer proxies to cause the trail to go cold. Some people working for antivirus companies have successfully managed to audit the trails only to find the perps pull up stakes and move elsewhere by the time the authorities actually show up."
The "app store" element of the business amounts to a detection test service, "where a site accepts uploads of packaged malware and tests it against every known antivirus engine with the latest updates and spits out who detected it and as what. So the kids go back, change the code and keep changing it until nobody detects it whereupon, it goes out."
Paganini reports that Zeus offshoot Citadel offers a basic bot builder and botnet administration panel for $2,399 plus a $125 monthly "rent." It also offers what McAleavey noted -- a module for $395 that "allows botmasters to sign up for a service that automatically updates bot malware to evade the latest antivirus signatures."
What should enterprises and consumers do? All of the usual things -- don't open odd attachments, even from those you know. Stay away from sketchy websites. Keep your antivirus up to date.
Paganini recommends public awareness and alert networks spread through social media. He would also like to see task forces composed of members from various sectors like government, industry, health and the military, "since we are facing cross-sector threats."
But neither Paganini nor McAleavey is optimistic in the short run. "As long as there's ways to get into Windows, and money to be made doing so, there will be no shortage of malware authors and those willing to make money servicing them -- until the means of hijacking machines themselves is solved," McAleavey says.
Paganini says there are no products on the market now that are able to block an enemy that "grows day by day."
"We are completely unprepared," he says, to fight a "perfect business machine that moves an amount of money equal to the economies of several nations."