Blue Coat warns of malware delivery network complexity

by Shaun Nichols

06 Jul 2011

Cyber crime is growing more commoditised than previously thought, as malware networks increase in complexity but drop in volume, according to network security vendor Blue Coat Systems.

Blue Coat senior malware researcher Chris Larsen told V3.co.uk that the company's malware research operation, combined with its WebPulse security network, had provided a better look at the inner workings of malware networks.

The vendor's 2011 Mid-Year Web Security Report found that, while unique malware loads have gone up, the number of malware delivery networks has dropped.

Larsen explained that existing malware operators often establish entirely new sites, infection tactics and domains to push malware variants which can be mistakenly viewed as new threats.

"Over the last couple of months we have been able to merge what we thought were independent networks and say they are part of this bigger network," he said.

"We used to think that network A is search poisoning, but then you realise that this guy also does things with Facebook and you start to find out that the bad guys borrow and share ideas."

One side-effect of this sophistication is increased complexity. Larsen said that, as malware operations grow larger and more complex, tracking them down becomes easier for security firms.

Blue Coat specialises in network-based security appliances, and Larsen claimed that the company is uniquely situated to analyse malicious traffic.

"The bad guys are not used to thinking in terms of how they hide their whole network," he said. "Our goal is to identify the characteristics that let us ID a site or server as part of an existing network."

Overall, Blue Coat has found that malware writers favour search engines as their preferred method of attack.

In particular, they are crafting pages to take advantage of image and video searches to lure users into attack pages, a technique known as search poisoning.

The researchers also found that Java has surpassed Adobe Acrobat for attacks, and that malicious ads are becoming increasingly popular for delivering web exploit attacks.
