AV companies losing cybercrime fight

Increasingly sophisticated cross-platform malware making life more difficult
Kerry Butters

November 8, 2011

Organisations are failing to recognise how sophisticated malware has become and are therefore more likely to fall victim to it, a report by Damballa states.

Whilst in the past, the installation process used by malware was relatively straightforward and easy to understand, this is no longer the case.

Malware can be more accurately called crimeware these days, due to the increasing use of malicious software for monetising activities.

“The breadth and depth of malicious technologies and cybercrime services that are on offer – for sale, rent or hire – is staggering, and the list continues to grow daily,” Damballa warn.

Malware also has the luxury of being able to infect a variety of devices these days, rather than just a PC, and this means that cyber criminal activity will continue to grow.

Whilst in the past, malware could be picked up and cleaned once the AV vendors had discovered it, these days more than one piece of malicious software is installed at a time.

Once the original infector has done its job of downloading further files for various purposes, it will often disable itself automatically.

Within seconds of installation, the additional malicious files will have stolen data such as licensing strings and authentication information, and will relay that data back to the CnC server.

Malware has evolved this way mainly in order to avoid detection, according to Damballa.

Many infections avoid detection by cleaning up the initial infection components and then downloading updates that introduce new files, in some cases on a daily basis.

This means that even when victims find an infection, they may clean that single component without being aware of the multiple instances of crimeware installed on their machine.

This means that cybercriminals firmly have the upper hand, Damballa say.

“As the security industry strives to counter the threat in whack-a-mole fashion, the cybercriminals will continue to innovate and streamline their operation,” they warn.

In addition to the dropper and downloader components of malware becoming more personalised to suit the victim, botnets and CnC servers are becoming increasingly difficult to shut down.

Although authorities have become better at shutting down botnets, cybercriminals have found ways to ensure that their servers have back-up systems that are difficult to track down.

Cloud-based AV solutions may seem like the answer to many, but Damballa say that they have already seen families of crimeware that can ‘lock’ a system to ensure that the malicious software can’t function on anything other than the victim computer.
