Phillips et al. Conceptualizing Cybercrime: Definitions, Typologies and Taxonomies, Forensic Sciences, 2022, 2(2), 379-398.

Mykko Hypponen, The History and Evolution of Computer Viruses, talk at DEFCON 19, 2011.

and also watch one of:

• If your last name starts with the letters A-I, then watch:
  Thomas X. Grasso, Fighting organized Cryber Crime: War Stories and Trends, talk at DEFCOND 14, 2006.
  
• If your last name starts with the letters J-Z, then watch:
  Peter Gutmann, The Commercial Malware Industry, talk at DEFCON 15, 2007 (if it is helpful, here is a pointer to attached slides
  
  You are welcome to watch both.

Thomas et al, Framing Dependencies Introduced by Underground Commoditization, WEIS 2015.
Ablon et al. Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar, RAND Research Report, 2014.

Kanich et al, Spamalytics: An Empirical Analysis of Spam Marketing Conversion, ACM CCS 2008.
Stone-Gross et al. The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns, USENIX LEET, 2011 (7.5 pages)
Dmitry Samosseiko, The Partnerka -- What is it, and Why Should you Care?, Virus Bulletin, 2009.
(optional) Stringhini et al, The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the Spam Landscape, ACM AsiaCCS, 2014.

Levchenko et al, Click Trajectories: End-to-end Analysis of the Spam Value Chain, IEEE Security and Privacy, 2011.
McCoy et al, PharmaLeaks: Understanding the Bueinsess of Online Pharmaceutical Affiliate Programs, USENIX Security 2012.

Questions:

• What are methodological approaches here? Are they repeatable?
• What is Click Trajectories paper trying to push as a core idea?
• What does it want you to assume to be true?
• What does PharmaLeaks paper tell you about pharma spammers and pharma customers?
• What are the implications for addressing the issue?

Holz et al, Learning More about the Underground Economy: A Case-Study of Keyloggers and Dropzones, ESORICS 2009.
Stone-Gross et al, Your Botnet is My Botnet: Analysis of a Botnet Takeover, ACM CCS 2009.
(skim) Scott Berinato, Inside the Global Hacker Service Economy, CSO Online, 2007.

Hao et al, Drops for Stuff: An Analysis of Reshipping Mule Scams, ACM CCS 2015.
Aliapoulios et al, Swiped: Analyzing Ground-truth Data of a Marketplace for Stolen Debit and Credit Cards, USENIX Security 2021.

Moore and Clayton, An Empirical Analysis of the Current State of Phishing Attack and Defense, WEIS 2007
Thomas et al, Data Breaches, Phishing or Malware? Understanding the Risks of Stolen Crednetials, ACM CCS 2017.
(optional)Cova et al, There is no Free Phish: An Analysis of 'Free' and Live Phishing Kits, USENIX WOOT, 2008.

Benjamin et al. Exploring threats and vulnerabilities in hacker web: forums, IRC and carding shops, IEEE Conference on Intelligence and Security Informatics, 2015
Webber and Yip. Humanizing the cybercriminal, chapter in "The Human Factor of Cybercrime", Routledge press, 2019.

Soska and Christin. Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosyste,, USENIX Security 2015.
van Wegberg et al. Plug and Prey? Measuring Commiditization of Cybercrime via Online Anonymous Markets, USENIX Security 2018.

Motoyama et al, Re: CAPTCHAs-- Understanding CAPTCHA-Solving Services in an Economic Context, USENIX Security 2010.
Thomas et al, Trafficking Frauulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse, USENIX Security 2013.

Grier et al. Manufacturing Compromise: The Emergency of Exploit-as-a-Service, ACM CCS 2012.
Noroozian et al, Platforms in Everything: Analzuing Ground-Truth Data on the Anatomy and Economics of Bullet-Proof Hosting, USENIX Security, 2019.

• 2008 Microsoft Security Intelligence,
  [Read Key Findings, Exploit trends, and Malware and Potentially Unwanted Software Trends, skim charts in the rest of report],
• 2023 Verizon Data Breach Investigations Report
  [Read chapters 1 and 2, skim chapter 3]
• Watch Maor Shwartz, Selling 0-Days to Governments and Offensive Security Comapnies
• Skim Maor Schwartz, The boom, the bust and the adjust The offensive cybersecurity industry — trends and updates.

Bhaskar et al. Please Pay Inside: Evaluating Bluetooth-based Detection of Gas Pumnp Skimmers, USENIX Sec 2019.
Also read series of theads on old-school satellite TV hacking (using unroll recommended)
Watch, BBC Panorama Murdoch's TV Pirates, 2012.

[Listen to first 20mins] Darkode (radiolab podcast) , originally aired 2015. (skim) Savage, Coogan and Lau, The evolution of ransomware, Symantec report, Aug 2015.
Huang et al, Tracking Ransomware End-to-end, IEEE Security and Privacy 2018.

Cong et al, An Anatomy of Crypto-Enabled Cybercrime, SSRN paper, 2022.
Gray et al, Money Over Morals: A Business Analysis of Conti Ransomware, eCrime 2022.

Read for understanding how the scams work, the details of detection, etc is less critical

Dave et al, Measuring and fingerprinting click-spam in ad networks, SIGCOMM 2012.
Thomas et al, Ad injection at Scale: Assessing Deceptive Advertisement Modifications, IEEE Security and Privacy 2015.
(Optional)Pearce et al, Characterizing Large-Scale Click Fraud in Zero Access, CCS 2014. re

Miramirkhani et al. Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
UNODC Policy Report, Casinos, cyber fraud, and trafficking in persons for forced criminality in Southeast Asia, Sept 2023 (read sections 1 and 2, 3 is optional)

Chua, MEasuring the Deterioration of Trust on the Dark Web: Evidence from Operation Bayonet, WEIS 2012.
McCoy et al. Priceless: The Role of Payments in Abuse-advertised Goods, CCS 2012.