The savviest hackers lock middlemen into long-term service contracts so they can automatically push the newest exploits on unwitting consumers and compensate for patches developed by legitimate programmers.

The agreements ? not unlike contracts between software powerhouses such as Oracle Corp. or Microsoft Corp. and their corporate clients ? leave a trail of code that, in principle, makes it easier for authorities to catch both the hacker and the person who’s buying the program.

But researchers who worked on Symantec’s newest Internet Security Threat Report said the amount of money to be made from computer attacks still outweighs the danger.

“These people are taking a huge risk, and either they’re stupid ? which we don’t believe is the case ? or they’re making big money,” said Alfred Huger, vice president of Symantec Security Response.

continued @ [MSNBC]