As 2009 moves through a worldwide financial crisis, the underground markets continue to thrive.
A recent perusal through prices offered various services shows that a user can obtain a private spambot kit for just under $5000, an exploit kit for another ~$400 complete with the newest pdf, flash, and browser exploits (Internet Explorer, Firefox, and Opera covered here), subscribe to an AV-detection/evasion service for under $100/month, and subscribe to an email address harvesting service that boasts almost a billion verified private addresses all for a low price of under $100 per 1 million sorted addresses. These marketplaces are currently very active.
The technologies being peddled are slowly adapting as the defenses in the field change, with promises of multi-platform effectiveness (XP, Vista, etc) in feature lists and pro-active/heuristic detection functionality addressed by evasion services.
Based on a walk through the market like this one, it’s easy to predict that client side attacks, delivering spambots and DdoSbots will continue with high levels of activity, regardless of the recession.