Malware tendencies
Panda Software has published the PandaLabs 2005 Annual Malware Report, an analysis of developments in the malware landscape over the last year and a reflection on the likely trends of 2006. In this report, PandaLabs underlines a shift in malware creation: it shows greater professionalization of organized cybercrime and highlights a key trend in IT security in 2005, the rise of targeted attacks and custom-designed malware.
One of the main observations of this annual report is the professionalization of malware creators, who are now largely motivated by financial gain. “The time in which malware creators were seeking notoriety and recognition for their creations has long since gone,” the report states.
“Cyber-crooks, motivated by profit, have adapted well to the new environment — they are now looking to silent infections that allow them to operate without much noise being made in the media,” explains Luis Corrons, director of PandaLabs. “This means potential victims do not have their guard up and are more susceptible to theft of money and all types of information.”
This situation represents a new business model for malware, with an alliance of developers, distributors and companies making use of this infrastructure. A clear example of this is the more than 10,000 unique variants of new bots (“robots,” or programs that infect computers and await commands from their creator, usually via IRC) detected by PandaLabs in 2005.
“Bots, along with custom-designed malware, are the main tools used by these new criminals that enable them to tackle highly complex operations,” explains Luis Corrons. “These bots infect extensive networks that can be rented out on the black market, to be used for anything from denial of service attacks to silently installing other types of malware.”
The report also looks at one of the major IT security stories of 2005: an industrial espionage case in Israel in which a series of companies fell victim to targeted attacks using specially crafted malware.
“The infamous case in Israel is unfortunately no more than the tip of the iceberg,” says Luis Corrons. “Other companies around the world could be targets at this moment — the fact that traditional antivirus companies don’t have samples of the malicious code means that signature-based protection is useless. This means proactive protection, such as TruPrevent(TM), is necessary, as it is an effective way of fighting against this new branch of cybercrime.”