For 'Malware as a Service' merchants, business is booming
Malware merchants have matured, and are more diversified and dangerous than ever.
By Taylor Armerding
February 01, 2012 — CSO —
They are well organized. They pay close attention to product quality, working hard to make it effective and scalable. They are all about customer service, providing after-sales support. They even solicit the help of their customers in product development.
All admirable qualities. But all in the service of theft.
They are malware merchants; in the business of helping others steal from legitimate businesses and innocent consumers. And they have evolved to the point where they operate much like the legitimate software industry. It is possible to buy malware from what amounts to an app store, or to contract for Malware as a Service (MaaS).
"The life cycle of (malware) products is the most amazing aspect," writes Pierluigi Paganini, a certified ethical hacker and founder of Security Affairs in Italy, in an article posted this past week on Infosec Island. "From design to release to after-sales support, each stage is implemented in every detail with care and attention."
One of the most famous examples is the Zeus Trojan, designed to steal banking information, which can be customized with new features demanded by its customers. There are an estimated 3.6 million computers in the U.S. that have been compromised by Zeus botnets.
In early January, the Israel-based security firm Trusteer reported on a new version of the SpyEye Trojan that, somewhat like a security camera hack, swaps out banking web pages to prevent account holders from noticing that their money is gone.
Not that the botnet market is new. But it is maturing, and is more diversified and dangerous than ever.
Kevin McAleavey, cofounder and chief architect of the KNOS Project outside Albany, New York, who has spent more than a decade in antimalware product development and research, says this is a logical progression. "Today's 'professionals' were once amateurs, and by that I mean the authors of the malware itself," he says. "It should come as no surprise that what may have once been done 'for fun' can readily be monetized by criminal and government elements for their own purposes."
The modern malware developer and distributor, he says, is selling not just the malware itself, but "the means to keep it hidden and from being detected."
But, if these merchants of malware are operating like businesses, can't authorities just track them down and shut them down?
Not so easily, it turns out. Most use the so-called "Onion Router," which lets users conduct business anonymously.
"The only time one has a chance to track down individuals is when they rat each other out," says McAleavey.
Understanding malware techniques and the ever-more sophisticated cybercrime ecosystem
Virtual analysis misses 1/3 of malware?
Advanced evasion techniques emerge
Organized cybercrime revealed
The rise of anti-forensics
The botnet hunters
Timeline: a decade of malware
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs
- Content Analytics Explained
- Attacks from China: A survival guide
Chinese cyberattack activity is back in the news this morning, with new details emerging on new attacks. Here's a collection of stories to help infosec pros better understand the threat. - #FFSec: Infosec pros who bring value to Twitter
- B-Sides Boston is Saturday
More Salted Hash with Bill Brenner
