Just a few years back, malicious code writers were meeting in stealthy IRC chat rooms, exchanging ideas on obscure forums, and doing their thing just for fun (and notoriety). Now, it is a money game, and in business you need efficiencies.
Couldn’t think of anything better to drive down time to market in the software game than going open source, and that is exactly what malware technicians are doing. They are leveraging tools like CVS to share code, and it wouldn’t surprise me if CVS and Subversion depositories start popping up all over the place. But how will we know when that happens?
There are now malware search engines as well.