Wednesday, May 18, 2011

Behind Today’s Crimeware Installation Lifecycle


The distribution and installation of malicious and unauthorized software has evolved consistently throughout the 21st Century. The evolutionary path from annoying viruses, to destructive malware and on to financially driven crimeware, is well documented and can even be traced through the parallel evolution of technologies designed to counter each aspect of the then contemporary threat.

While the individual technologies embedded within crimeware have evolved incrementally – and some people argue today that the rate of innovation has slowed down over recent years – the diversity in which these technologies are applied to fraudulent and criminal ventures has accelerated. Or, to put it another way, professional cyber criminals have been increasingly inventive in ways in which to apply a “standard” toolset of malware features to the way they conduct their criminal ventures.

As traditional malware features continue to consolidate into professionally maintained and purchasable crimeware construction packs with 24x7 support and guaranteed “Fully Undetectable” (FUD) service level agreements, much of the newest innovation has occurred in the methods and mechanisms that install, update and regulate the control of the crimeware installed upon the victims computing device.

Misinterpretation of legacy malware propagation processes and failures in understanding the innovation and dynamism of modern crimeware installation techniques pose a significant risk to businesses facing off against an onslaught of highly motivated cybercriminals. Incorrect assumptions and an outdated understanding of the threat have resulted in organizations pursuing ineffective protection strategies and a bewildered reactive response to successful breaches.

This paper examines the advancements of legacy malware installation techniques and those currently employed by professional cybercriminals. By understanding the modern crimeware installation lifecycle and exposing the reasoning behind each criminal tactic, organizations under the crosshairs of their attackers will better appreciate the limitations of the security technologies they currently deploy and will ideally be armed with the intelligence they need to develop more robust protection plans and incident response handling strategies.


Hat-tip to Damballa for the whitepaper.

No comments:

Post a Comment