
for those of us
who are tech savvy, is now the time to become a crim??
Cybercrooks are becoming faster at utilising newly-discovered browser exploits. More than nine in ten of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, according to a survey by IBM's X-Force security division. The cyber-threat survey, which looked closely at information security …
These 'crims' are highly structured organisations, each member has a specialised role, and does not go outside his/her remit. For instance the people you'd contact to rent/buy zombies, are just "salesmen", they had nothing to do with spreading of the malware. In the same respect the programmers/exploit writers will have nothing to do with the sales process, and in most cases will have no involvement after infection, as consolidation would be another, distinct job.
Make no mistake, these are highly organised, well funded and well connected people we're talking about.
These organisations bear more resemblance to small multinational corporations than to the social networks of misunderstood teenagers from the old school of hacking. The vast majority of the malware/fraud groups are based out of Russia and China, but with people the world over working for them, they are truely international.
So, the simple answer is no. Unless you have prior dealings with these people (and have something to offer), you will have no luck going into direct competition. They are now, in every sense of the word, professionals, and they WILL do their job better then you.
The new stuff is actually harder to block with a simple filter - I already reject most stuff containing HTML, which takes out the image spam and usually the attachments because they're usually accompanied by a bit of HTML to encourage automatic display. A few words and a URL are much harder to trap, apart from the fact that many of the URLs are usually for domains less than a month old and are so amenable to a whois check on the age (except that whois servers get upset if you hit them too often - perhaps a wake-up call to registrars to police spam domains a bit more actively).