Home / Blogs

The Crimeware Infection Lifecycle

Gunter Ollmann

The distribution and installation of malicious and unauthorized software has evolved consistently throughout the 21st Century. The evolutionary path from annoying viruses, to destructive malware and on to financially driven crimeware, is well documented and can even be conveniently traced via the parallel evolution of technologies that were designed to counter each new aspect of the then contemporary threat.

While the individual technologies embedded within modern crimeware have evolved incrementally — and some people could successfully argue that the rate of innovation has slowed down over recent years — the diversity in which these technologies are applied to fraudulent and criminal ventures has accelerated. Or, to put it another way, professional cyber criminals have been increasingly inventive in ways in which to apply a "standard" toolset of malware features to the way they conduct their criminal ventures.

As traditional malware features continue to consolidate into professionally maintained and purchasable crimeware construction packs with 24×7 support and guaranteed "Fully Undetectable" (FUD) service level agreements, much of the newest innovation has occurred in the methods and mechanisms that install, update and regulate the control of the crimeware installed upon the victims computing device.

Misinterpretation of legacy malware propagation processes and failures in understanding the innovation and dynamism of modern crimeware installation techniques pose a significant risk to businesses facing off against an onslaught of highly motivated cybercriminals. Incorrect assumptions and an outdated understanding of the threat have resulted in organizations pursuing ineffective protection strategies and a bewildered reactive response to successful breaches.

Many crimeware victims are unaware of the pace at which the crimeware installation lifecycle completes and the ways in which Droppers, Downloaders and remote control agents are wielded by their criminal operators.

The federated approach to crimeware delivery further compounds the problem. Instead of having to combat one crimeware agent at a time at the host level, multiple malicious packages from multiple criminal entities are being dropped with each instance of a system compromise. Today, over 1-in-5 botnet inflicted computers are under the simultaneous remote control of more than one criminal operator.

I'm happy to announce that today we've made available the whitepaper "Behind Today's Crimeware Installation Lifecycle”. The paper examines the delta between legacy malware installation techniques and those currently employed by professional cybercriminals.

By understanding the modern crimeware installation lifecycle and exposing the reasoning behind each criminal tactic, organizations under the crosshairs of their attackers will better appreciate the limitations of the security technologies they currently deploy and will ideally be armed with the intelligence they need to develop more robust protection plans and incident response handling strategies.

By Gunter Ollmann, CTO at NCC Group Domain Services. More blog posts from Gunter Ollmann can also be read here.

Related topics: Cyberattack, Cybercrime, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

The Emotional Cost of Cybercrime

Why I Wrote 'Thinking Security'

Regulation and Reason

In Network Security Design, It's About the Users

RIPE 71 Meeting Report

Related News


Industry Updates – Sponsored Posts

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

The Deep Web and the Darknet - The Nether Regions of the Internet

Introducing the Verisign DNS Firewall

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Verisign iDefense 2015 Cyber-Threats and Trends

What's in Your Attack Surface?

Sponsored Topics