As the U.S. stock market indexes dramatically declined in September, cybercriminals began organizing their efforts to sustain profitability. While the stock market shows a sharp declining trend, malware has a very different trend which indicates growth during periods of economic uncertainty or recession. In essence, cybercriminals are adapting tactics in response to changes in the market, therefore proving that they are gaining rather than losing ground in these times of economic upheaval.

When the lab began looking into the specific effects cybercriminals had on the economy during times of duress, we found a startling and unexpected connection: the criminal economy is closely interrelated with our own economy. Based on our extensive research and analysis of malware patterns, we believe criminal organizations are closely watching market performance and adapting to ensure maximum profit: activity appears to increase during times of fluctuation in the markets and the economy.

Between Sept. 1st and Oct. 9th, as the stock market values continued to drop, the threat activity continually increased: activity on the “malware market” grew substantially as the stock markets declined.

This appears to be a deliberate strategy to infect as many consumers as possible during heightened economic fear as a way of changing the odds in their favor to maximize profits. A notable example is the recent orange alert PandaLabs issued earlier this month: 30 million victims were infected with fake security software, and of those infected 3.5 percent paid out of fear of loss from identity theft due to the compelling pop-ups informing that the computer was severely infected.

Heightened fear during economics crises plays into cybercrime strategies: as the Dow looses significant value, the perception of economic instability leads to more victims succumbing to fake AV software. Essentially out of fear of loosing everything the victim pays. This strategy is working very well as it plays into the lack of confidence in the markets. When timed right it works very well in terms of generating mass revenue ($14 million USD per month) in a short period of time..

Figure 1 shows the general decline of market indicators (average of DJIA, NASDAQ, and S&P 500) for a period of one and a half months with correlating significant spikes in new malware detections.

Figure 2 narrows the range to between Sept. 8 and Sept. 16. The indexes dropped 3.0% on Sept. 9 while malware increased to over 24,000 new threats: over 100% increase from previous day. Sept. 16 saw more than 5.5% decline in value while malware threats climbed to over 31,000 new intances.

Figure # 1 – U.S. stock market vs. malware market 9/1/08 – 10/9/08

Figure 1

Figure # 2 – U.S. stock market vs. malware market 9/8/08 – 9/16/08

Figure 2

As evidenced by this compelling data, there will be no end to the persistence and pervasiveness of cybercriminals and their attempts at exploiting malware for financial gain. Regardless of the economic state we are in, cybercriminals are continually adjusting their strategies, and from this evidence are capitalizing on economic lows to prey on unsuspecting victims and enterprises. With continued analysis, we have a deeper understanding of the relationship between the economy and the evolution of cybercrime. By remaining vigilant and aware of these findings, we can all become better prepared to protect ourselves and the economy from the very real dangers of malware.