Malware Kits are Going Open Source
Viruses and Trojans are no longer malicious attacks perpetrated by pimply faced geek hackers for giggles and thrills. Malware has become a big business. Most malware is now written for the explicit purpose of capturing and selling the personal and financial data of the millions of users on the Internet and is becoming increasingly sophisticated.
Emails with links to infected files are old hat, most infections these days occur when malicious software is automatically downloaded to user computers without their knowledge while browsing infected websites. Often malware is disguised as legitimate software / security updates and people are misled by messages via Facebook, etc into downloading them. These techniques are causing an exponential growth in infection according to RSA, a leading security company. The security firm detected 19,102 Trojan infections in August 2009 as against only 613 Trojan infections in August 2008.
As the complexity of design increases most criminals find that they do not have the technical skills to write their own malware and turn to Do-It-Yourself kits that contain everything needed for writing Viruses and Trojans for those who don’t have the know how to write their own.
A top notch malware kit can be worth a lot of money. The Limbo Trojan kit sold for about $350 at the peak of its popularity and the Zeus Trojan kit, which currently dominates the market sells for anywhere between $1,000 to $3,000. However, the dominance and popularity of a kit rarely lasts long as security companies soon fight back by trying to decipher the code and create general heuristic detection routines for anything created using the kit.
Some of the kit makers with waning popularity are trying to stay alive by releasing their source code. By giving free access to criminal developers to their code they can get a huge pool of talent working on their code and adding and improving features. Of course, the flip side is that the security companies also get their hands on the code making it easier for them to create detection routines.
Tags: malware, open source, security, trojans, viruses