What Are the Malware Markets?

The first computer virus, named Elk Cloner, is used on Apple Macs through a floppy disk insertion. Since the World Wide Web had not yet been invented, the first viruses were spread through physically infiltrating computers.

Originally designed to gauge the size of the Internet, the Morris Worm was written by Cornall Grad student Robert Tappan Morris, and released from MIT's computers. While not intended to be malicious, the worm could reinfect computers multiple times, eventually slowing the computer down to the point of being unusable.

Distributed in 1989, the AIDS Trojan targeted AIDS researchers with the first ransomware ever detected but not the last. While the widespread use of ransomware by criminals doesn’t really start until 2013, this early attack showed how disruptive it can be.

Netscape launches one of the first bug bounty programs (paying out small cash rewards in exchange for information about vulnerabilities) for their new web browser, Netscape Navigator 2.0. This set a precedent for many other companies in the decades to follow.

Loveletter, one of the first email worms, reaches tens of millions of Windows PCs. An email titled “ILOVEYOU” with an attached VBA script that overwrote random local files. This marked the beginning of a surge in internet and email worms.

According to security company F-Secure, "As much malware [was] produced in 2007 as in the previous 20 years altogether."

The Zeus virus is first discovered when it is used to steal information from the US Department of Transportation. Zeus will go on to become one of the most influential malicious toolkits in the criminal world with hundreds of later versions and variants.

Conficker was one of the largest internet worms and infected millions of computers, including government, business, and home computers around the world. Clean up efforts by companies and law enforcement were one of the first incident responses coordinated world-wide.

Silk Road becomes the first darkweb marketplace to use both Tor (a software that allows a user to browse anonymously) and bitcoin escrow. While it is mainly known as a marketplace for drugs, it also fosters a prosperous market for malware and stolen data. It was shut down by the Department of Justice and the Drug Enforcement Agency in 2013, but it provided a model for future darkweb marketplaces, tens of which have been created since.

ZeuS Banking Trojan, malware that sends users to customizable servers instead of their intended website, is leaked online. Countless other malware authors adapt the leaked code and new malware is created. Kits of ZeuS are posted online from $2,000 - $10,000 but prices fall as the code becomes available even on GitHub.

Hackers gained access to the credit card information of some 40 million customers, and the personal information of as many as 60 million by compromising Target’s point of sale systems. The sale of this information online reaps financial gains for the attackers and floods the marketplace with stolen credit card and identity information. This is a classic example of the sort of financial gain that drives demand in the malware markets

In 2013, the Cryptolocker malware appeared, introducing the world to the now common elements of ransomware including easy to use payment instructions for victims and ever more capable encryption algorithms. Many more would follow including CryptoWall and the talkative Cerber.

Carberp Source code is published on market and being sold for $50,000. It offers advanced funcitionality along with multiple add ons and additions to its capability. The source code is published on a Russian site.

The malware markets can act as a way to distribute malware but also a place for innovation. The Zberp malware combines leaked source code from ZeuS and Carberp into a hybrid trojan horse which employs aspects of both to exploit software targeting banks and other financial institutions.

With help from countries in Europe and South America, US law enforcement busts a major online marketplace for, among other things, malware. However, within a month the market is back online and operating with better security than before.

The code to a piece of malware for Android phones is leaked on the web. The GM Bot malware can intercept SMS messages and capture passwords typed into fake application windows, making it excellent for stealing banking information.

WannaCry was a ransomware worm that spread around the globe like wildfire and was one of the first widely seen criminal malware based on technology leaked from the NSA.

Authorities in the United States and EU announced they had shut down two major online marketplaces on the dark web after having run both for weeks.