Home / Blogs

The Crimeware Infection Lifecycle

Gunter Ollmann

The distribution and installation of malicious and unauthorized software has evolved consistently throughout the 21st Century. The evolutionary path from annoying viruses, to destructive malware and on to financially driven crimeware, is well documented and can even be conveniently traced via the parallel evolution of technologies that were designed to counter each new aspect of the then contemporary threat.

While the individual technologies embedded within modern crimeware have evolved incrementally — and some people could successfully argue that the rate of innovation has slowed down over recent years — the diversity in which these technologies are applied to fraudulent and criminal ventures has accelerated. Or, to put it another way, professional cyber criminals have been increasingly inventive in ways in which to apply a "standard" toolset of malware features to the way they conduct their criminal ventures.

As traditional malware features continue to consolidate into professionally maintained and purchasable crimeware construction packs with 24×7 support and guaranteed "Fully Undetectable" (FUD) service level agreements, much of the newest innovation has occurred in the methods and mechanisms that install, update and regulate the control of the crimeware installed upon the victims computing device.

Misinterpretation of legacy malware propagation processes and failures in understanding the innovation and dynamism of modern crimeware installation techniques pose a significant risk to businesses facing off against an onslaught of highly motivated cybercriminals. Incorrect assumptions and an outdated understanding of the threat have resulted in organizations pursuing ineffective protection strategies and a bewildered reactive response to successful breaches.

Many crimeware victims are unaware of the pace at which the crimeware installation lifecycle completes and the ways in which Droppers, Downloaders and remote control agents are wielded by their criminal operators.

The federated approach to crimeware delivery further compounds the problem. Instead of having to combat one crimeware agent at a time at the host level, multiple malicious packages from multiple criminal entities are being dropped with each instance of a system compromise. Today, over 1-in-5 botnet inflicted computers are under the simultaneous remote control of more than one criminal operator.

I'm happy to announce that today we've made available the whitepaper "Behind Today's Crimeware Installation Lifecycle”. The paper examines the delta between legacy malware installation techniques and those currently employed by professional cybercriminals.

By understanding the modern crimeware installation lifecycle and exposing the reasoning behind each criminal tactic, organizations under the crosshairs of their attackers will better appreciate the limitations of the security technologies they currently deploy and will ideally be armed with the intelligence they need to develop more robust protection plans and incident response handling strategies.

By Gunter Ollmann, Chief Technology Officer at IOActive. More blog posts from Gunter Ollmann can also be read here.

Related topics: Cyberattack, Cybercrime, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Smokescreening: Data Theft Makes DDoS More Dangerous

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Why Managed DNS Means Secure DNS

Rodney Joffe on Why DNS Has Become a Favorite Attack Vector

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

IT Project Management: Best Practices in Small-Scale Engagements

Sponsored Topics