Latest malware trick: outsourcing quality assurance

Malware distributors are outsourcing their quality assurance programs to services provided by the likes of virtest.com

Creators of Waledac malware enlisted the Conficker botnet as a tool to spread malware of their own, marking the first time Conficker was made available for hire, according to Cisco's mid-year security report.This was symptomatic of a wider trend Cisco noted of malware purveyors using established business practices to expand their illegal enterprises. Cisco likened the arrangement between Waledac and Conficker to a partner ecosystem, a term Cisco uses to describe its collaboration with other vendors.

Waledac used the Conficker distribution channel to send spam and to expand its own botnet, Cisco says.

Malware distributors are also outsourcing their quality assurance programs to services provided by the likes of virtest.com, Cisco says. For a fee the site tests malicious files against the latest versions of 26 virus-scanning software products to determine whether the anti-virus software can detect the malware.

Cisco says running the malware through this screening results in malware that is 10 to 20 times more effective than it would be otherwise, and frees up the attackers to work on other products rather than test how detectable their current exploits are.

The report pronounces rogue anti-virus the cybercrime product of the year. The software infects victims' PCs with a Trojan then offers to sell them anti-virus software . The Trojan displays warnings that a virus has been found on the machine and recommends anti-virus software to remove it. Victims pay for the antivirus via credit card and the symptoms of the infection go away.

However, Cisco says, the Trojan does not; it remains and could be reactivated. Separate from the Cisco report, some victims of the exploit report that unauthorized charges appeared on their credit cards after using them to buy the anti-virus software.

Cisco says it perceives cooperation among the security community as increasingly effective in fighting attacks. "One bright spot is that vulnerability and that activity has been off to a slower start this year compared to 2008," the report says. "This could indicate the security community is succeeding in making it more difficult for attacks to take root and grow."

Web sites that are infected to download malware to unsuspecting visitors will increase, the report predicts. These sites represent nearly 90% of all Web-based threats, the report says. Creation of botnets will be a particular goal of this type of malware, it says.

The report recommends that businesses maintain patches to fend off attacks. Educating employees about protecting their own identities and upholding corporate security policies is essential. At the same time, security executives should realize that insiders pose a great threat, especially when layoffs are threatened. Even those surviving layoffs employees may become disgruntled and try to steal data or disrupt corporate networks, the report says.

FILL IN THE SURVEY - AND YOU COULD BE A WINNER: ARN wants to hear from YOU. Tell us how you run a successful business and you could win an adrenaline-fuelled adventure of your choice. COMPLETE THE ARN SURVEY.

Tags Waledacbotnetsconfickermalware

More about Cisco Systems Australia

ARN Directory | Distributors relevant to this article

Comments

Comments are now closed

 

Latest News

07:26AM
Google to build quantum computing processors
07:20AM
Microsoft APC 2014: 21 partners awarded
05:42AM
"Outraged" Apple issues update on celebrity cellphone nude photo breach
04:25AM
Celebrity nude photos scandal a wake-up call for Cloud users
More News
08 Sep
ITIL Foundation (incl. Exam)
10 Sep
CPX 2014
10 Sep
IT Leaders Lunch
10 Sep
Drive greater returns from T&E with mobility - Sydney
View all events