computerwoche.de

Archiv

Latest malware trick: outsourcing quality assurance

15.07.2009
Creators of enlisted the botnet as a tool to spread malware of their own, marking the first time Conficker was made available for hire, according to Cisco's mid-year security report.This was symptomatic of a wider trend Cisco noted of malware purveyors using established business practices to expand their illegal enterprises. Cisco likened the arrangement between Waledac and Conficker to a partner ecosystem, a term Cisco uses to describe its collaboration with other vendors.

Podcast: Cisco's Peterson talks about the new business of cybercrime

Waledac used the Conficker distribution channel to send spam and to expand its own , Cisco says.

Malware distributors are also outsourcing their quality assurance programs to services provided by the likes of virtest.com, Cisco says. For a fee the site tests malicious files against the latest versions of 26 virus-scanning software products to determine whether the anti-virus software can detect the malware.

Cisco says running the malware through this screening results in malware that is 10 to 20 times more effective than it would be otherwise, and frees up the attackers to work on other products rather than test how detectable their current exploits are.

The report pronounces rogue anti-virus the cybercrime product of the year. The software infects victims' PCs with a Trojan then offers to sell them anti-virus software . The Trojan displays warnings that a virus has been found on the machine and recommends anti-virus software to remove it. Victims pay for the antivirus via credit card and the symptoms of the infection go away.