Malware writers mixing up attack tools

by Shaun Nichols

02 Mar 2011

Cyber criminals are increasingly employing multiple malware botnets for their attacks, according to a recent report from Symantec MessageLabs Intelligence.

The company said in its monthly security report that through late January and February, researchers spotted evidence that attacks from multiple malware families and botnets were coming from a single source.

Researchers noted that attacks from the Zeus, Bredolab and SpyEye malware all shared common characteristics, and that signs pointed to a collaborative effort between the different malware families.

"During the first two weeks of February, MessageLabs Intelligence identified at least four different polymorphic engines in use by these server-side packers being used to change the code structure of the Zeus, Bredolab and SpyEye malware and to increase the number of variants of each," said MessageLabs Intelligence senior analyst Paul Wood.

"Considering the technical difficulty of maintaining this number of polymorphic engines and that each evolves quickly to generate such a large number of variants across these three families, this is one of the first times that MessageLabs Intelligence has identified malware collaborating on a technical level to this degree and volume."

Over the month, researchers also spotted an increase in the use of PDF files as attack vectors. Symantec noted that PDF attacks rose from 52.6 per cent of targeted attacks to 65 per cent. The company estimates that at the current pace, PDF files will deliver more than three quarters of targeted malware attacks by the middle of this year.

Symantec estimated that last month 1 in every 139 emails sent in the UK contained malware, while spam messages accounted for 81.1 per cent of the total volume.
