Hackers Turn To Open-Source Models - InformationWeek

The notion of collaborative communities works for the bad guys, too.

Hackers have borrowed the same open-source development techniques used to build Firefox, Apache, and Linux as they collaborate on malware projects, a security company's researchers claimed Monday.

The McAfee Avert Labs researchers who contributed to the debut issue of the company's "Sage" security journal laid out their case in several articles, ranging from one on open-source software in Windows rootkits to another on open-source and profit.

In fact, even though attacks have shifted to a for-money model in the last few years, open-source methodologies have become de rigueur, said Dave Marcus, the security research manager for Avert.

"There is financial incentive for [hackers] to share code," said Marcus. "He wants to drop as many bots as possible, so he wants the most effective bot possible. They don't care if they're all using the same bot, since they all have different bot networks they're selling."

Although it's impossible, said Marcus, to figure out which came first -- open-source development techniques or the move to criminality -- it's clear that by copying open-source development tactics, attackers have created an explosion of malware.

In particular, McAfee's researchers finger the availability of source code for the rapid growth in the number of bots, the small programs that give an attacker remote control over already-compromised computers. "Without large-scale source code sharing, we would not see the handful of massive families that we have today," wrote Igor Muttik, a senior research architect with Avert, in "Sage."

Bolting on new pieces to existing malware is another way hackers use open-source methods to improve their work, said Marcus. "If they want to use some new method of propagation, they can just compile it in a separate module, then simply call that module. It really allows them to leverage the power of open-source."

Because it's separated from the general code, a module can be easily reused. The practice, although new, has already delivered results, McAfee contended.

The release of the first Windows kernel mode IRC bot in April of this year "would not have been developed as quickly without the preexisting kernel-level network sockets code released on www.rootkit.com," wrote Michael Davis, a research scientist at Avert. "This public code allowed the author to easily and quickly recreate the functions for interoperating with the IRC protocol without specialized knowledge of the Windows kernel."

Other open-source methodologies put into play by malware writers, said McAfee, include dedicated version control systems, multiple contributors, regulated testing, and defined release schedules.

Not everything is communal, Marcus admitted. Vulnerabilities, especially so-called "zero-day" bugs that haven't yet been patched, can have considerable financial value, and are closely guarded secrets, or if shared with others, come at a price.

"Frankly, they've always worked in a distributed development model," said Marcus, talking of hackers. "But the anonymity of an open source-style process is very appealing to them."

Not to mention the money.

"They figured out that if they applied a business-like development model to what they did, that they could make money," Marcus said.

McAfee's "Sage" can be downloaded as a PDF file from the company's Web site.
