Malware author tries hand at PR, contacts IBM to correct blog post

The malware market is cutthroat, so criminals have to protect their image

An author on the IBM security blog recently got an interesting request.

The developer of a mobile malware kit wasn't pleased with the blog's reporting, so they reached out to correct the record. IBM's coverage wasn't helping the criminal's business, and so the researcher's post needed fixing.

The email came from the author and core developer of Bilal Bot, a low-rent Android-based malware application designed to harvest data for use in a number of schemes, including banking fraud, card fraud, and identity theft.

The developer reached out to IBM's Limor Kessem after she wrote about the competition in the mobile malware marketplace.

The criminal's PR outreach centered on two points: correcting the record on two of the other kits mentioned in the post, and making sure IBM understands the kit is no longer in beta – it has increased its features and the pricing model has changed.

The IBM blog in question was published earlier this year. At the time the post was written, Bilal Bot was in beta. As such, it just didn't stack up to other kits, including GM Bot and KNL.

This annoyed the Bilal Bot developer to no end. In the email to IBM, the author said the developers of the other kits were banned "in the undergrounds" for scamming. To help fix the original post, Bilal Bot's author offered an interview to explain the details.

Kessem did some checking, and by all accounts the email request is legitimate. If anything, it goes to show how far some malware developers will go to protect their business' image.

"As I sit here still shaking my head at this, I might add that the supposed author is offering an interview with him in order to fill us up on the most up to date Bilal Bot information. Well, sure, we would be happy to conduct that interview. Bear in mind, Bilal Bot dev, that we may require verifying your real life identity and location," Kessem wrote in a post explaining the curious situation.

A copy of the malware author's email, as well as a list of changes to Bilal Bot, is available on IBM's security blog.
