Sunday, December 20, 2009

The Day Before Zero - Malware QA & Botnet Helpdesk Services

Gunter Ollmann, VP of Research for Damballa, has posted two interesting entries on his blog.

He highlights two specialised services offered to criminals looking to spread malware, illustrating just how complex and extensive the underground malware service economy has become.


The Botnet Distribution and Helpdesk Services
To think of botnets as being the domain of a single criminal operator is to seriously underestimate the sophistication of modern cybercriminal operations. “Botnets” are a growing industry with multiple layers of service providers and entrepreneurs hawking their specialized tools and knowledge. Yesterday I covered the botnet service providers that specialize in malware and drive-by-download quality assurance (QA) practices. Today I’ll discuss helpdesk support. Browsing the web and hacking forums will reveal literally hundreds of online botnet malware providers. It’s a competitive business. Not only must these providers compete on a per-feature basis within their malware DIY construction kits, but they must also provide differentiated support for their customers.

Malware QA and Exploit Testing Services
An integral part of modern cybercrime and the successful release of new botnet malware components lies with quality assurance (QA) – i.e. testing malware samples against current antivirus technologies prior to release, and guaranteeing evasion... The most interesting feature of this service, though, is the ability to scan malicious infecting payloads. Subscribers to the service can provide the URL(s) of their drive-by-download infector sites and scan them using this service – checking to see whether their malicious JavaScript, latest exploit kits and payloads, and shellcode escape detection.

