Report - New America Foundation

The Malware Markets: A Graphic Exploration

  • Brian de Luna
  • Luke Heine
| August 2017


"Computers and computer systems are becoming ubiquitous, managing everything from government databases, to grocery transactions, to activity on our own phones. However, these systems don’t come without their vulnerabilities, and their exploitation has never been in such high demand. So where does malicious software—the code designed to exploit these vulnerabilities—come from?

Malicious software is bought, sold, and traded. These transactions take place on websites which could be mistaken for ebay clones, over encrypted email between former colleagues, and even when vendors publicly offer cash for flaws in their software. The malware markets are home to both defensive groups, like software vendors, and offensive groups, like criminal networks and other attackers. Companies are involved with building and selling malicious code, from single exploits all the way up to integrated surveillance packages. Underneath all of this is a global network of companies, criminal groups, individuals, and even governments that build, buy, and sell code."

For more information on this publication: Please contact Cyber Project
For Academic Citation: Herr, Trey, Brian de Luna and Luke Heine. “The Malware Markets: A Graphic Exploration.” New America Foundation, August 2017.

The Authors