Seculert Research Lab: The New Trend in “Malware Evolution”

This post by Seculert Research Lab gives an overview of the evolution of Carberp. Carberp is a relatively new botnet that is rapidly evolving into one of the most sophisticated pieces of malware seen so far.

Some say it will be the successor to Zeus. Whether that happens remains to be seen, but its developers are surely competing for the cybercriminals’ software budget.

Zeus evolves to target online payment providers

Zeus Latest Evolution in Malware Trends – Targets Online Payment Providers.

Trusteer is reporting on the evolution of the Zeus malware. Originally it targeted users performing online bank transactions. It’s now targeting online payment providers like Money Bookers, Web Money, netSpend, and e-gold. These types of companies have millions of users. If one of these users has his or her account looted, what recourse does the person have? After all, these are not banks and are most probably not legally bound to make good to their abused clients.

Pursuing Koobface and ‘Partnerka’ — Krebs on Security

Brian Krebs highlights Nart Villeneuve’s detailed analysis of Koobface. This is the most detailed analysis I’ve read about how one type of botnet thrives.

The entrée point for Koobface is almost irresistible: a link sent from a fake “friend” prompting a visit to a video site that purportedly reveals the recipient captured naked from a hidden web cam. Who wouldn’t follow that link? But for the hapless recipient, that one click leads down a Kafka-esque rabbit hole of viruses and Trojan horses, and straight into the tentacles of the Koobface network.

In a sense, Koobface is the opposite of Zeus: the value of each illicit transaction is very low, whereas the value of each Zeus transaction is very high.

The operators of Koobface have been able to successfully monetize their operations. Through the use of pay-per-click and pay-per-install affiliate programs, Koobface was able to earn over US$2 million between June 2009 and June 2010 by forcing compromised computers to install malicious software and engage in click fraud.

Without a victim, particularly a complainant, it is almost impossible for a police force to justify the resources to investigate a case like Koobface. Police officers ask: what’s the crime? Prosecutors ask: what or whom am I supposed to prosecute? In the case of Koobface, it is almost as if the system were purposefully designed to fall between the cracks of both questions.

New preventive and detective controls are needed to combat this new generation of malware. Think about this:

A recent study by Bell Canada suggested that CA$100 billion out of $174 billion of revenue transiting Canada’s telecommunications infrastructure is “at risk.” The same operator measured over 80,000 “zero day” attacks per day targeting computers on its network — meaning, attacks that are so new the security companies have yet to register them.

Next-generation defense-in-depth includes both preventive and detective controls.

Preventive network security controls must include (1) next-generation firewalls that combine application-level traffic classification and policy management with intrusion prevention, and (2) zero-day malware prevention that blocks previously unseen samples with high accuracy and a low false-positive rate.

Detective controls must include (1) a log management/SIEM solution that joins events with contextual information (asset ownership, threat intelligence, traffic patterns) to produce actionable alerts, and (2) a cloud-based botnet detection service that can alert you to compromised devices on your network.
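As an added illustration of the kind of context-driven detection the second list is asking for (this is example code written for this page, not a product from Seculert, Trusteer or any vendor named above), the following script runs a simple SIEM-style correlation over a handful of constructed proxy log lines. It flags client/destination pairs whose request timing is nearly periodic (the check-in behaviour of a bot, as opposed to the bursty, irregular pattern of a person browsing), then enriches each hit with a hypothetical asset inventory and a hypothetical threat-intel domain list so the resulting alert names the owner and states why it fired. All IPs, hostnames, owners and log lines are made up.

```python
"""SIEM-style beacon detection with context enrichment over constructed proxy logs.
Added example for this page; the data, domains and asset names below are invented."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: ISO timestamp, client IP, destination host, bytes.
# 10.0.0.9 checks in every 300 s with a tiny fixed payload (bot-like);
# 10.0.0.5 browses irregularly; 10.0.0.7 touches a listed domain once.
SAMPLE_LOGS = """\
2010-10-01T10:00:00 10.0.0.5 cdn.example.net 5120
2010-10-01T10:00:02 10.0.0.5 cdn.example.net 48211
2010-10-01T10:00:05 10.0.0.5 news.example.org 20480
2010-10-01T10:03:17 10.0.0.5 cdn.example.net 7733
2010-10-01T10:11:40 10.0.0.5 cdn.example.net 1290
2010-10-01T10:00:00 10.0.0.9 upd.example-c2.biz 312
2010-10-01T10:05:00 10.0.0.9 upd.example-c2.biz 312
2010-10-01T10:10:00 10.0.0.9 upd.example-c2.biz 312
2010-10-01T10:15:00 10.0.0.9 upd.example-c2.biz 312
2010-10-01T10:20:00 10.0.0.9 upd.example-c2.biz 312
2010-10-01T10:25:00 10.0.0.9 upd.example-c2.biz 312
2010-10-01T10:07:31 10.0.0.7 pay.example-ppi.info 9024
"""

# Hypothetical context a SIEM would join against: asset inventory and threat intel.
ASSETS = {
    "10.0.0.5": {"owner": "marketing-ws-12", "tier": "workstation"},
    "10.0.0.7": {"owner": "finance-ws-03", "tier": "workstation"},
    "10.0.0.9": {"owner": "hr-ws-21", "tier": "workstation"},
}
THREAT_INTEL = {"upd.example-c2.biz", "pay.example-ppi.info"}


def parse_logs(text):
    """Parse lines into (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, nbytes = parts
        try:
            records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
        except ValueError:
            continue
    return records


def find_beacons(records, min_hits=4, max_cv=0.1, min_interval=60):
    """Return {(src, dst): summary} for pairs whose inter-request gaps are so regular
    (coefficient of variation <= max_cv) that they look like scheduled C2 check-ins."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in records:
        by_pair[(src, dst)].append((ts, nbytes))
    beacons = {}
    for pair, hits in by_pair.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        avg = mean(gaps)
        if avg < min_interval:          # sub-minute gaps are ordinary page loads
            continue
        cv = pstdev(gaps) / avg         # 0.0 means perfectly periodic
        if cv <= max_cv:
            beacons[pair] = {"hits": len(hits), "period_s": avg, "cv": cv,
                             "avg_bytes": mean([n for _, n in hits])}
    return beacons


def build_alerts(records, beacons, assets, intel):
    """Combine beacon findings with threat-intel matches and asset context into alerts.
    Two independent reasons raise severity to high; a single reason stays medium."""
    reasons = defaultdict(list)
    for (src, dst), s in beacons.items():
        reasons[(src, dst)].append("periodic beaconing every %.0fs (%d hits)" % (s["period_s"], s["hits"]))
    for _, src, dst, _ in records:
        if dst in intel and "destination on threat-intel list" not in reasons[(src, dst)]:
            reasons[(src, dst)].append("destination on threat-intel list")
    alerts = []
    for (src, dst), why in reasons.items():
        ctx = assets.get(src, {"owner": "unknown", "tier": "unknown"})
        alerts.append({"src": src, "dst": dst, "owner": ctx["owner"],
                       "severity": "high" if len(why) > 1 else "medium", "reasons": why})
    return sorted(alerts, key=lambda a: (a["severity"] != "high", a["src"]))


def detect(text=SAMPLE_LOGS, assets=ASSETS, intel=THREAT_INTEL):
    records = parse_logs(text)
    return build_alerts(records, find_beacons(records), assets, intel)


if __name__ == "__main__":
    for a in detect():
        print(a["severity"].upper(), a["src"], "(%s)" % a["owner"], "->", a["dst"], "|", "; ".join(a["reasons"]))
```

On the constructed input only two pairs surface: the hr-ws-21 host beaconing to the listed domain (two reasons, high) and the finance host's single contact with the listed pay-per-install domain (one reason, medium); the marketing workstation's four irregular hits to the CDN have a gap variation far above the threshold and are not flagged. In practice the thresholds, the inventory and the intel list would be tuned to the environment, and the same join would be run over DNS and firewall logs as well as the proxy.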

SpyEye v. ZeuS Rivalry Ends in Quiet Merger — Krebs on Security

Brian Krebs provides an update on banking Trojan activity. While ZeuS has been in the public eye, another banking Trojan, SpyEye, appears to be ascending.

Over the last several years, the ZeuS Trojan is estimated to have enabled the theft of more than $70 million from nearly 400 organizations.