Cybercrime services are ramping up to provide one-stop shops to meet demand from fraudsters, according to researchers from security firm Trusteer.
While services such as anti-virus (AV) checkers, malware encryption and malware distribution have existed for several years, researchers are seeing more one-stop services appear.
In addition to infection services, at least one group is providing polymorphic encryption and anti-virus checking in a single package.
“Some malware services such as AV checking and encryption are becoming a commodity, driving cybercriminals to consolidate services to stay competitive and introduce new offerings,” said Amit Klein, chief technology officer at Trusteer.
The effectiveness of these services is proven by the fact that malware is poorly detected by AV software, he said.
An MRG Effitas Online Banking Security Test released in June 2011 found that the average AV detection rate for Zeus malware was less than 40% in 2010.
This is because AV detection mechanisms are primarily file-signature-based, an approach that assumes signatures can keep pace with new malware because introducing new malware variants with additional functionality takes time and effort.
But, said Klein, cybercriminals are using encryption services that can change a file's signature without changing the underlying code functionality, and AV checkers, which scan malware files with up-to-date versions of the most common AV tools, are used to ensure encryption is indeed successfully evading detection.
Finally, to complete the process, he said, infection services take care of distribution either by creating a botnet of hosts that could be infected at will or by inserting exploit code into sites and routing victims to these sites to infect them using drive-by downloads.