
HP warns that malware writers getting harder to track and combat

by Shaun Nichols

17 Jul 2012


An increasingly elusive and sophisticated class of online attack kits is posing a far greater threat to enterprises than most realise, according to researchers with HP.

Jason Jones, an ASI team lead for HP's DV Labs security division, told V3 that exploit tools, such as the Blackhole platform, are becoming harder to track and detect for security researchers and anti-malware vendors.

Through the use of techniques such as obfuscated JavaScript code, attackers are able to hide their activities and target recently disclosed vulnerabilities which have yet to be patched on many systems.

In some cases, researchers are finding attacks capable of infecting as much as 80 per cent of the systems targeted.

"They are able to hide the exploit code from detection while it's passing over the wire," Jones explained.

Further complicating matters, said Jones, was the growing complexity and sophistication of the malware market. As cybercriminals invest more money in attack kits, the malware developers are able to provide improved management and support systems, such as regular software updates, analytics and web management portals.

The growth is occurring at a time when many firms are preoccupied with the growth in advanced persistent threat (APT) attacks. With incidents such as the Shady RAT and Flame outbreaks dominating headlines, Jones believes that by fixating on APTs and zero-day attacks, many firms are leaving themselves open to infections from the far more prevalent crop of web-based exploit kits.

IT chiefs often worry about the threat of so-called zero-day attacks but forget to install patches for known vulnerabilities, leaving them at far greater risk of attack, he said.

"Making sure you are patched first and then worrying about the unknown would be a better mindset."
