Malware mimicking legitimate business

Some crime-ware writers offer service contracts

Malware development is now closely mimicking the legitimate business world, according to Symantec's latest internet security threat report.

Criminals are increasingly outsourcing parts of the malware process, be it writing code or developer tools, distributing the finished product or even setting up support services for organisations that buy the software.

Some crime-ware writers also offer service contracts, so that if one piece of malware is blocked another is sent to customers immediately.

"It is fascinating how the market has developed. It has been a phenomenal 12 months," Richard Archdeacon, Symantec's technical services director, told vnunet.com.

"It is completely business-oriented. They supply product in the same way as any software business."

Archdeacon described how malware groups are investing in software automation to make generation and distribution as easy as sending spam, and that cottage industries are springing up to find vulnerabilities in specific software.

All this has made life much tougher for the security software industry. Symantec said that new malware threats rose from 74,482 in 2006 to 499,811 in 2007.

"It is like trying to fight a competitor that's changing its products every week," said Archdeacon. "The only thing now is to update tactics to disrupt their business and break the business model."

Further evidence of the commercialisation of the malware industry can be seen in price differentials in the value of stolen data.

For example, a compromised US credit card can be had for as little as 40 cents, while prices for EU and Asian cards can go as high as $20.

The Symantec report, which covers July to December 2007, found a further decline in the use of worms to infect computers in favour of Trojan attacks that allow for full control of a PC.

There has also been a return to methods not seen since the beginning of the computer age, according to Archdeacon.

"The first viruses were distributed on floppy discs, and this technique is back in fashion, although this time it's via USB sticks," he said. "We have found code that targets those devices and spreads that way."

Financial sites still make up the bulk of targets for phishing attacks, but attacks on ISPs now make up 18 per cent of the total.

This is because the web space that often comes with such accounts can be used to host valuable phishing sites and email accounts for spam.