Keeping the customer satisfied: cybercriminals focus on service

28 March 2012

Cybercriminals are shifting to a business model known as malware-as-a-service (MaaS), where authors of exploit kits offer extra services to customers in addition to the exploit kit itself. It was just one of the observations in Verisign’s '2012 iDefense Cyber Threats and Trends' report.

The MaaS trend will probably continue as other developers adopt the same business model, the report predicted.

“The bad guys out there are trying to make a buck, and the way to distinguish themselves from their malware competitors is to layer on additional services”, said Rick Howard, general manager of Verisign iDefense. Cybercriminals want to “keep the customer happy”, he told Infosecurity.

In addition, the report found that the release of the Zeus source code last year has spurred development of Zeus variants and more powerful versions of SpyEye and Ramnit.

After it was released last April, the Zeus source code quickly spread across the Internet via underground websites and file-sharing sites, giving malware authors across the globe access to a powerful and well-written malware platform.

“The self-proclaimed author of the Zeus source code declared in the open that he wanted to retire. He decided to hand over the code to another person. But the code was leaked to the public”, explained Howard.

“That means that Zeus, the most prominent malware trojans out there, is now available to anyone who wants to download it and try to use it for their own purpose”, he said.

Howard explained that the public release of the Zeus code has had two effects. First, he expects to see other malware converge on the Zeus capabilities. Cybercriminals “are going to take existing pieces of malware, like SpyEye or Ramnit, and the features in Zeus that those other pieces of malware don’t have and incorporate them. In fact, we are seeing that already.” Second, Howard expects to see variants of Zeus with a “tweak” like adding encryption.

“We will see a lot more malware out there with a lot more capability….We will probably see more [financial crime] because of that”, he said.
On the good news side, the application of sandboxes has made exploiting vulnerabilities significantly more difficult, the report found.

Currently, only two public demonstrations of bypassing sandboxes exist in environments that use and support defense-in-depth strategies such as address space layout randomization and data execution prevention. None of the public demonstrations included any public exploit code, the report said.

“This is a good news story. We should realize how far the industry has come”, Howard said. This technology makes it “extremely hard” to leverage exploits in common software, particularly the deployment of sandboxing technology in the main browsers, he noted.
