November 2011 - Newsletter Article

Why Malware is so Good

by Marshall Wright

Over the past several years there has been an outbreak of malware on the Internet. At its base, the increased presence of malware on the Internet mirrors the change in its creators from “Hackers” to “Cyber Criminals”. The driving factors in this change have been profitability and a low risk of prosecution for cyber criminals. With large sums of money involved, the cyber criminals are able to invest in the same software development infrastructure used by major corporations today.

The development of good malware begins with an analysis of software vulnerabilities. The cyber criminals need only follow Microsoft’s monthly security releases to gain access to software vulnerabilities. Once a month (more often if serious threats are found), Microsoft releases security patches. A “patch” is a fix Microsoft sends out to correct something in its software. Microsoft Partners, like DeckerWright Corporation, receive advance notification of the patch release and what it is patching. The cyber criminals use this information as a basis for developing malware, since they know that only about 25% of all PCs are patched within 30 days of the release of the patch by Microsoft. This means that Microsoft documents a vulnerability, provides the method, and invariably opens a window in which malware may be launched with a high likelihood of infecting large numbers of computers.

The development of malware is accelerated by large libraries of code available on the internet. Recent changes in the “black” market for code have started a pay-for-code model, where the best malware code is “licensed” by other cyber criminals. With the building blocks easily obtained, code can quickly be generated by software developers around the world.

The final step that makes today’s threats more “commercial” grade is systematic testing against most anti-virus and anti-spyware software. Test centers are set up to see if the new malware can be detected by the latest anti-virus and anti-malware software. By testing the malware to ensure it cannot be stopped or removed by anti-virus software, its developers increase its chances of success.

Once installed on a victim’s computer, the latest malware doesn’t generate tell-tale signs of its existence, as in prior years. Gone are the pop-ups and computers running really slowly. The object is to control the victim’s computer at will to perform tasks as needed. The value of the malware is its ability to remain on the computer for extended periods. Benefits to the cyber criminal include the capture of user data and the ability to use the computer as a platform for other crimes. Other crimes include sending out spam e-mails, denial of service attacks (crashing web sites), cooperative computing, data storage and data relay. Individual computers grouped into large “robot” networks can be easily harnessed by cyber criminals as part of money-making operations. “Robot” networks can be “rented” out for tasks by other cyber criminals. Some of these networks may exceed 1 million computers.

DeckerWright Corporation works with businesses in New Jersey to develop strategies to reduce the risk of infection by malware. We actively work with the Monmouth County Prosecutor’s Office in educating the business community on the risks. Steps to help prevent cyber criminals’ access to your systems include employee education, keeping Microsoft patching current, maintaining anti-virus software, restricting web site access to approved web sites, and using Intrusion Protection software and Unified Threat capabilities in firewalls. The next article in this series will discuss “zero day threats”.

About the Author:
Marshall Wright of DeckerWright Corporation has been providing New Jersey businesses with HARDWARE, SOFTWARE & NETWORKING technology consulting services since 1984.

For more information please contact DeckerWright.

Copyright © 1995 - 2012 DeckerWright Corporation. All Rights Reserved * Red Bank, New Jersey * 732.747.9373