Collusion confounded – malware mafia join forces to intensify Internet attacks

Creators of malware – worms, trojan horses, spyware, adware – are teaming up in the underground to propagate Internet threats at an even faster rate, according to a Canadian researcher.

“What we’re seeing is a concerted effort to share techniques,” says Brian Grayek, vice-president of threat research at CA Inc. Headquartered in Islandia, NY, CA is a provider of information technology (IT) management software.

Barely a year ago, if a malware technique was proven successful, it might still have been weeks or even months before another attacker adopted that approach, says Grayek.

“Now, when we observe a new occurrence, we see it happen suddenly all over the world. That was not the case three months ago, or even last year.”

Authors of malware are sharing their methods, and using common systems and engines to transmit these various forms of hostile, intrusive and annoying software or program code, he says.

They communicate their malware strategies in three main ways, says Grayek.

First, malware authors converse on Internet relay chat (IRC) – a synchronous conferencing channel for group communication – where they share techniques and plans of attack.

Second, some are brazen enough to flaunt their conquests, strategies and techniques on personal Web sites. Grayek says this method is usually more common in countries where the IT security laws are relatively lax.

Third, malware creators locate one another through old-fashioned networking – in other words, one connection upon another is created until a large informal group can start congregating and sharing ideas.

“These groups have been built over the past year and a half, and now we’re seeing the results of their efforts,” says Grayek.

There’s a financial incentive to get together and share techniques that work, he says, given the potentially large payouts to be made in the Internet attack business.

But besides sharing approaches so that malware attacks propagate faster, creators of harmful code are recycling elements of past successes and incorporating them in new, more robust and dynamic entities, he says.

For instance, the “hugely successful” approach employed by ‘stration’, a family of computer worms that produce new variants in order to avoid detection by anti-virus applications, is now observed in phishing attacks, says Grayek. “If the image in the phishing message is slightly changed, it can keep anti-spam and anti-malware detectors from catching it.”

“Internet threats surfacing today tend to stem from successful attacks we’ve seen from the past, rather than from new efforts or less successful threats,” says James Quin, senior research analyst at Info-Tech Research Group in London, Ont.

“We’re seeing an evolution of successful malware. All in all, that means the threat level is raised a little bit.”

Despite this, Quin doesn’t believe the current plan of attack to recycle successful malware code represents a significant problem to IT security. “The threats are those we already know about, and for which we have virus definitions, and are able to recognize.”

The attackers’ ability to inflict potential damage will be minimized because IT systems will be that much more in tune with catching these threats, he says.

Quin agrees financial incentives play a major role in Internet attacks nowadays, thereby shifting the underlying motivation. “Attack trends, in general, are moving towards ones that are financially motivated, than ego motivated.”

“The ‘talented’ bad guys are diverting their efforts away from generic threats, such as writing viruses and worms, and putting their attention to targeted attacks that yield more monetary gain.”
