Ever wondered why the bad guys continue throwing malware in your direction? The obvious answer is the correct one: because they make money from doing it. On Thanksgiving Day, as on every other day of the year it would seem, they can be thankful for the high profit to be raked in from using readily available malware purchased on the dark market.

Kaspersky Lab researchers have been doing the math, and their figures suggest that, when comparing the cost of the most common hacker tools with the cold cash stolen using them, the profit is around 20 times greater than the outlay. By way of example, setting up an out-of-the-box social network clone, together with a spam mailing list linking victims to it, would cost as little as $150 according to the researchers; with just 100 targets getting caught, the phishing perpetrators could expect a return of up to $10,000 on average.

Or how about a mobile Trojan which 'bricks' a smartphone until a ransom is paid? These are rather more expensive to purchase, about $1000 in fact. However, with unlocking 'fees' set at $200, it only takes 100 victims to realise a $20,000 return. Victims are generally happy to pay to get back access to their photos, music and contacts which have not been backed up separately, let alone to avoid the problem of resetting a device, which is no small matter for the kind of technically naive user caught by such malware.

However, the Kaspersky research would seem to suggest that the biggest money-maker comes in the shape of banking Trojans that have a cash-stealing payload. No messing about, in other words, just good old-fashioned bank robbery moved into the 21st century. These Trojans will cost as little as $3000 when bundled with an exploit and mailing list, which may sound like a lot, but when you consider that the loss to each victim averages out at $722, it doesn't take that many to start raking in the profit.

The thing that the bad guys can be most thankful for, though, is that these off-the-shelf kits require precious little technical know-how when it comes to using them. They are easy to find by trawling around the various underground hacker forums, which themselves take very little digging to uncover, and cost little, as we've seen. "As a result, users need to be especially careful to ensure they don’t lose their money or data," warns Alexander Gostev, Chief Security Expert at Kaspersky Lab, who concludes, "they should also protect their devices and all online operations performed on them..."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
