A software tool is released with a performance guarantee and the promise of periodic updates. Another commercial application for the market? Not quite. Rather, this is emblematic of how malware writers are doing business these days.
“We definitely see much of the illegal online activity becoming more professional and adopting behavior and practices you would see in a legitimate company,” said Javier Santoyo, senior manager of emerging technologies for Symantec Security Response.
This insight into online criminal behavior is revealed in Symantec’s newly released Internet Security Threat Report. One of its main findings is that cyber-criminals are adopting commercial practices in the development, distribution and use of malicious code and services.
Quality Assurance and Service Agreements
“There is quality assurance testing on these tools, for example,” Santoyo told TechNewsWorld. “Many are even providing services . . . like updating the application or tool every time a new exploit is discovered.”
Such updates are the reverse of what consumers receive from their antivirus protection vendors — that is, instead of updating the software to protect against an exploit, the malware virus writers update the application to exploit the vulnerability.
One example is MPack, a professionally developed toolkit that installs malicious code on thousands of computers around the world and then monitors the success of the attack through various metrics on its online password-protected control and management console, Symantec said.
Phishing toolkits have also become commercialized, with the top three most widely used phishing toolkits responsible for 42 percent of all phishing attacks detected during the reporting period, which ran from January to June 2007.
Attackers are also learning to adapt to the protective measures put in place by companies and consumers. Instead of trying to break through anti-malware defenses, Symantec found, they have been seeding malware on trusted sites that are widely visited, such as popular financial, social networking and career recruitment Web sites. Symantec said that 61 percent of all vulnerabilities disclosed were in Web applications.
Meeting a Need
These virus writers see themselves as providing a necessary service, Santoyo said. “They know that their tools will be used for illegal activities, but they see the end users — the people who actually use their products — as the real criminals.”
Some of this insight was gathered through a series of interviews Symantec conducted with one of the hackers behind MPack. It is an occasional tactic the company uses to complement its own research on current malware trends, said Santoyo.
“They never give information that could reveal their identities or could help us thwart their activities,” he noted. “Still, though, the interviews are invaluable in helping us keep a handle on what is happening.”