The discovery of a highly sophisticated malware network is leading some security firms to reshape their view of cyber crime operations.
Known as Shnakule, the operation employs a massive network of attack servers, together with compromised web pages, to exploit vulnerabilities and infect users' computers.
Shnakule spans a number of attack vectors and is believed to have been used for multiple attacks, with active servers ranging from hundreds to thousands of systems at a time.
Steve Schoenfeld, vice president of product management and product marketing at Blue Coat, told V3 that his firm has been tracking the Shnakule operation for a number of months through its WebPlus security networks.
He said the company's findings defy conventional knowledge of how malware and cyber crime operations work.
Attacks that had previously appeared to be isolated events are now believed to be the work of various systems operating within the same cyber crime network. Blue Coat estimates that such networks will be responsible for as much as two-thirds of all attacks in 2012.
"Shnakule is an organisation of servers, it is an infrastructure more than anything," Schoenfeld explained.
"They may be doing the same attacks, but they have a well-built infrastructure to obfuscate it."
To combat such large-scale operations, Blue Coat believes vendors will need to take a wider approach to analysing attacks.
Rather than looking to block attacks based on the individual activity of a site or domain, Blue Coat believes firms will need to take a wider approach and single out servers and domains that have been connected with malicious networks in the past.
Schoenfeld said that by taking such an approach, security networks can identify and prevent exploits from malicious servers and domains before an attack is launched. Blue Coat refers to the practice as "negative day" security.
"In addition to behavioural technologies and reputation, we employ techniques to understand the infrastructure," he explained.
"We can block it because it is coming from an infrastructure whose entire purpose is malicious."
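The infrastructure-centred blocking Schoenfeld describes can be illustrated with a small scoring routine. The following Python is an added example, not Blue Coat's code or the logic of its WebPulse service: it indexes which domains have been seen on which hosting IPs and origin ASNs, then flags a previously unseen domain when it shares a server with domains already confirmed malicious, or merely queues it for review when it only shares the wider network. Every domain, IP address and AS number is a constructed placeholder (reserved .example names, RFC 5737 documentation ranges and private ASNs), and the `asn_threshold` parameter is an assumed tuning knob.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample telemetry: (domain, hosting IP, origin ASN).
# None of these values is a real indicator.
OBSERVATIONS = [
    ("redir-a.example", "203.0.113.10", 64512),
    ("redir-b.example", "203.0.113.10", 64512),
    ("kit-c.example", "203.0.113.11", 64512),
    ("fresh-d.example", "203.0.113.10", 64512),  # new domain on a known-bad server
    ("fresh-e.example", "203.0.113.20", 64512),  # new domain, same ASN only
    ("news.example", "198.51.100.5", 64513),     # unrelated host
]

# Domains already confirmed malicious by earlier analysis (constructed labels).
KNOWN_BAD = {"redir-a.example", "redir-b.example", "kit-c.example"}


@dataclass
class Verdict:
    domain: str
    action: str                     # "block", "review" or "allow"
    reasons: list = field(default_factory=list)


def build_index(observations):
    """Map each IP and each ASN to the set of domains observed there."""
    by_ip = defaultdict(set)
    by_asn = defaultdict(set)
    for domain, ip, asn in observations:
        by_ip[ip].add(domain)
        by_asn[asn].add(domain)
    return by_ip, by_asn


def evaluate(domain, observations, known_bad, asn_threshold=2):
    """Score a domain by the malicious infrastructure it shares.

    - Already listed             -> block
    - Shares a hosting IP with a listed domain -> block ("negative day")
    - Shares an ASN that hosts >= asn_threshold listed domains -> review
    - Otherwise                  -> allow
    """
    if domain in known_bad:
        return Verdict(domain, "block", ["domain is on the confirmed-malicious list"])

    by_ip, by_asn = build_index(observations)
    seen = [(ip, asn) for d, ip, asn in observations if d == domain]
    if not seen:
        return Verdict(domain, "allow", ["no telemetry for this domain"])

    reasons = []
    asn_hits = 0
    for ip, asn in seen:
        bad_on_ip = sorted((by_ip[ip] & known_bad) - {domain})
        if bad_on_ip:
            reasons.append(f"shares server {ip} with {', '.join(bad_on_ip)}")
        bad_in_asn = (by_asn[asn] & known_bad) - {domain}
        asn_hits = max(asn_hits, len(bad_in_asn))

    if reasons:
        return Verdict(domain, "block", reasons)
    if asn_hits >= asn_threshold:
        return Verdict(domain, "review",
                       [f"ASN hosts {asn_hits} confirmed-malicious domains"])
    return Verdict(domain, "allow", ["no link to known malicious infrastructure"])


def evaluate_all(observations, known_bad):
    """Return {domain: action} for every domain in the telemetry."""
    domains = sorted({d for d, _, _ in observations})
    return {d: evaluate(d, observations, known_bad).action for d in domains}


if __name__ == "__main__":
    for dom, verdict in sorted(evaluate_all(OBSERVATIONS, KNOWN_BAD).items()):
        print(f"{dom:20} {verdict}")
```

The point of the example is the middle rule: `fresh-d.example` has never been seen doing anything itself, yet it is blocked purely because it resolves to a server that already hosts listed domains. Raising `asn_threshold` makes the ASN rule more conservative, which matters in practice because large shared hosting providers will legitimately house both good and bad customers.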