I have been harping long and loud recently about the purpose of malware writing. It’s about the money. No one is writing viruses for notoriety, fun, and fleeting fame anymore. It’s about the money – it’s phishing, it’s spam, it’s botnets, it’s identity theft and credit card and banking fraud.
But there may be some relief. It appears that phishing, at least, has hit the wall of diminishing returns. A Microsoft study recently concluded that phishers’ efforts are rewarded less and less, in spite of an apparent increase in effort. It seems that phishers might have made similar money doing the same level of computer work in a legitimate line of endeavor. The study is quoted below, as reported in Good Morning Silicon Valley.
“Far from being a path to riches, phishing appears to be a low-skill
low-reward business. The enormous amount of phishing activity is evidence of its
failure to deliver riches rather than its success, as phishers send more and
more email hoping for their share of the bounty that eludes them. Repetition of
questionable survey results and unsubstantiated anecdotes makes things worse by
ensuring a steady supply of new entrants. … The picture that we end up with is
very different from the ‘easy money’ that is conventional wisdom. … The
average revenue for a given phisher is the same (or slightly lower) than he
would have made at another available occupation for his skill level. The easier
phishing gets the worse the economic picture for phishers. As phishers put more
and more effort into the endeavor, the total revenue falls rather than rises.”
— An analysis by Microsoft researchers concludes that in terms of open access to
a finite resource that has limited ability to regenerate, the economics of phishing
and fishing are surprisingly similar