Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"websense"
on Websense Express 1.0
by Ruben | Jul 23, 2008 8:01 PM
 
"The hot fix in particular is KB951748 This is for xp users only Hope this helps"
on ZoneLabs details Microsoft patch workarounds
by Steve | Jul 22, 2008 5:35 PM
 
"kdjfkjasd"
on HP WebInspect 7.7
by fdsf | Jul 19, 2008 10:19 PM
 
"Hacked? No, it was not hacked. Lots of people were told to search for it. That's all."
on Google Trends hacked again
by kgh0st | Jul 19, 2008 3:33 PM
 
""but experts are poring over the site's logs to find the vulnerability that allowed the security ..."
on Popular porn site hacked by prudes
by J | Jul 18, 2008 9:53 PM
Web

Malware mimicking legitimate business

  • Email a Friend
  • Print Page
Related Articles
By Iain Thomson
Apr 9, 2008 11:34 AM
Tags: "symantec" | "malware" |
Malware development is now closely mimicking the legitimate business world, according to Symantec's latest internet security threat report.

Criminals are increasingly outsourcing parts of the malware process, be it writing code or developer tools, distributing the finished product or even setting up support services for organisations that buy the software.

Some crime-ware writers also offer service contracts, so that if one piece of malware is blocked another is sent to customers immediately.

"It is fascinating how the market has developed. It has been a phenomenal 12 months," Richard Archdeacon, Symantec's technical services director, told vnunet.com.

"It is completely business-oriented. They supply product in the same way as any software business."

Archdeacon described how malware groups are investing in software automation to make generation and distribution as easy as sending spam, and that cottage industries are springing up to find vulnerabilities in specific software.

All this has made life much tougher for the security software industry. Symantec said that new malware threats rose from 74,482 in 2006 to 499,811 in 2007.

"It is like trying to fight a competitor that's changing its products every week," said Archdeacon. "The only thing now is to update tactics to disrupt their business and break the business model."

Further evidence of the commercialisation of the malware industry can be seen in price differentials in the value of stolen data.

For example, a compromised US credit card can be had for as little as 40 cents, while prices for EU and Asian cards can go as high as $20.

The Symantec report, which covers July to December 2007, found a further decline in the use of worms to infect computers in favour of Trojan attacks that allow for full control of a PC.

There has also been a return to methods not seen since the beginning of the computer age, according to Archdeacon.

"The first viruses were distributed on floppy discs, and this technique is back in fashion, although this time it's via USB sticks," he said. "We have found code that targets those devices and spreads that way."

Financial sites still make up the bulk of targets for phishing attacks, but attacks on ISPs now make up 18 per cent of the total.

This is because the web space that often comes with such accounts can be used to host valuable phishing sites and email accounts for spam.

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below: