The composition of malware has changed considerably over the last few years. What used to be an independent and solo industry has now transformed into a professional syndicate. As security solution providers, it is our duty to stay abreast of such changes and adapt our strategy accordingly. Here are some notable changes that are being witnessed in the malware world today.
Dedicated malware manufacturers and mercenaries
Gone are the days when malware was created by a sole party in a rusty basement or by a trouble-seeking software engineer who accidentally stumbled upon an inherent security flaw. Today, malware is created by large teams of people, or nations, for specific purposes. In many cases, the malware is sold to the highest bidder.
Such malware is multi-phased and functions on various system levels. Different strains of malware are used for different purposes, and manufacturers focus on each aspect to increase their customer base. There are also underground open-bidding forums where such malware is distributed and exploitation kits are sold. In some cases, buyers require malware for specific purposes and hire a team of malware writers to create such code.
Individual malware developers still exist, but in most cases malware authors are organized syndicates. These are similar in nature to professional marketing agencies, with comparable levels of hierarchy. What this means is that there are specialized groups that work on each facet of malware distribution.
Versatile and enhanced malware
In the past, malware was designed to accomplish a specific purpose. Now malware strains target several objectives simultaneously with enhanced functionality. Such malware not only infects a single machine, but also uses innovative methods to multiply through the infected machine. Furthermore, malware now comes with highly advanced management consoles. These allow the creator to keep track of what the malware is doing, how and where it is spreading, and what it can do in the future.
Additionally, attackers are increasingly using botnets as a service. A botnet is a network of infected machines that work in conjunction with each other. Malware authors infect machines to create botnets and rent out such botnets to bidders for whatever purpose they desire. This is in stark contrast with earlier strains of malware that were used haphazardly. Since the malware world today operates like a cohesive unit, it keeps the IT world on its toes.
Another evolutionary aspect that leads to the ease of proliferation is the nature of the web. Personalized and intrusive ads combined with advanced injection techniques make it simple for attackers to gain access to a machine. The rise of social networks also enhances the feasibility of social engineering techniques. There are other minor evolutions as well, but they can only be studied subsequently.
Malware detection today is different from the past because it not only involves the study of the malware, but also the organization behind it. Security vendors consider these aspects for the creation of the best Internet security software. Awareness about such trends plays a key role in the development of malware analysis tools and effective antivirus solutions.