Symantec sees spike in crimeware kits, organized cybercriminals

By Robert Westervelt, News Editor 17 Sep 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The sale of crimeware kits that take the technical work out of setting up and distributing dangerous malware is skyrocketing, according to a report issued by security vendor Symantec Corp.

These single kits have multiple different threats and multiple vulnerabilities that can exploit a smorgasbord of malicious activity. Zulfikar Ramzan, senior principal researcher, Symantec Corp.

Symantec's Internet Security Threat Report confirms the finding of an earlier report from security vendor Finjan, which documented the increasing use of crimeware kits being sold on the black market.

Cupertino, Calif.-based antivirus giant Symantec released its threat report Monday. It covers the threat landscape over the six-month period between Jan. 1 and June 30, 2007.

Symantec said the crimeware kit, MPack was one of the notable security threats that emerged in the first half of 2007. The commercially available black-market attack toolkit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised Web site, Symantec said.

The list of commercially available kits on the black market is growing. Many of the kits lock the buyer into a support contract as they can be updated according to the latest vulnerabilities discovered. Some standard names are available, including MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit toolkits, as well as new toolkits such as random.js, vipcrypt, makemelaugh and dycrypt.

Malware attack techniques: Cybercriminals employ toolkits in rising numbers to steal data: Cybercriminals need less technical expertise to conduct attacks to steal credit card numbers. Most malware at home on U.S. servers: A report from Finjan says more malware is hosted on local servers in the U.S. and Britain than in countries with less developed e-crime law enforcement policies. New hacking technique shields attackers: Attackers are using IP addresses to mask a malicious Web page and avoid detection.

Zulfikar Ramzan, a senior principal researcher at Symantec, said the kits are being sold for as much as $1,000 on the black market.

Symantec believes that MPack was professionally written and developed. The reliability and robustness of MPack implies that it benefited from professional development, Ramzan said.

"It's clear that activity is now being pointed toward more commercial type behavior," Ramzan said. "They're organized entities and even selling support contracts. A lot of these single kits have multiple different threats and multiple vulnerabilities that can exploit a smorgasbord of malicious activity."

There were over 200,000 new malicious code threats in the first half of 2007, according to the Symantec report. Of the top 50 malicious code samples that Symantec saw, two of them targeted online games.

"Attackers are realizing that through different types of malicious code, they can steal virtual currency and then in turn it can be sold in virtual markets for real currency," Ramzan said.

Enterprises are not immune, Symantec said. As much as 4% of malicious activity came from addresses from inside Fortune 100 companies, as some employee computers get turned into bots to churn out spam and malicious code.

"It's further indication that enterprises need to be careful, because many people are not using good computer practices," Ramzan said.

Phishing kits are also on the rise, Symantec said. The toolkits, which contain sample Web pages and email messages, can be purchased on the black market as well. Symantec blocked over 2.3 billion phishing messages, an increase of 53% over the last half of 2006. Three phishing toolkits were responsible for 42% of all phishing attacks observed by Symantec in the first half of 2007.

"The phishing arena is growing and we're seeing pricing vary for these ready made kits depending on what they can do," Ramzan said.

Tags: Malware, Viruses, Trojans and Spyware,  Hacker Tools and Techniques: Underground Sites and Hacking Groups,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated Hacker Tools and Techniques: Underground Sites and Hacking Groups Metasploit Project acquisition ups ante for penetration testing market Successful rogue antivirus hinges on social engineering DEFCON survey suggests hacker community on vacation DoD urges less network anonymity, more PKI use New hacker skills optimize revenue Maturing cybercriminal economy buoyed by business savvy hackers Juniper pulls ATM hacking presentation from Black Hat Botnet platform helps cybercriminals bid for zombie PCs Man pleads guilty in online banking hacking scam ATM malware lets attackers take over machines

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary