Reality Check: Keeping up with crimeware

02.01.2007
If you are a cracker who has written an exploit, you have a choice between fame and fortune. In the good old days, crackers chose fame. But now fortune appears to be far more appealing.

Crimeware is a multibillion-dollar economy, according to Chad Harrington, vice president of marketing at FireEye, makers of a crime-stopping -- or should I say cracker-stopping -- appliance that uses virtual technology to stop an exploit before it gets into your network.

Lest you think crimeware is the domain of some 16-year-old kid with too much time on his hands, here's the multilayered reality. At the bottom level, there are the crackers. These guys sell the vulnerability information to the next level up, called bot herders. A bot in crimeware terminology is a compromised machine. The bot herders assemble this botnet of compromised machines and sell it to what are called the fraudsters. The fraudsters use the exploited machines to steal identities, customer and employee data, intellectual property, and the like. On the open market, an exploit can be sold for as little as US$200 and as much as $50,000, Harrington says.

Although there are layers of security to contend with beyond compromising the operating system, once a cracker is in the door, the rest is relatively easy pickings.

"Getting back out again is the tricky part," Harrington says.

Bot herders typically charge $1 per compromised machine, per month. But if they've cracked into a major corporation with access to customer and employee data, they could charge as much as $100 per system, per month.