Organized Malware Factories Threaten Internet Users, Study Says

The industrialization of malware production will make it tougher for corporate IT security departments to stay ahead of hackers.

Spam, malware, phishing, and other forms of cyberattacks will likely increase in 2007 as more cybercriminals organize into sophisticated manufacturing and distribution networks that mirror in structure the computer industry's legitimate production channels, according to a study released Monday.

The study, authored by IBM, warns of the emergence of a so-called "exploits-as-a-service" industry. "Managed exploit providers are purchasing exploit code from the underground, encrypting it so that it cannot be pirated, and selling it for top dollar to spam distributors," the report says.

The industrialization of malware production will make it tougher for corporate IT security departments to stay ahead of the hackers, says an IBM researcher who helped author the study.

"With this whole infrastructure that these criminal organizations are building they can not only target these attacks, they can build custom malware to be used against you. Meaning the probability of you being affected by a piece of malware no one has ever seen before is much higher today than it ever was before," says Gunter Ollmann, director of security strategy at IBM's Security Systems unit.

To deal effectively with these threats, security systems need to be less reactive and more proactive in sniffing out malware, Ollmann says. In practice, that means switching from signature-based systems, which look for a particular known string of code within a file, to behavior-based systems, which focus on what a piece of code actually does. "If something is writing to the hard drive, and you don't know why, then you've got something really bad," says Ollmann.

The report, developed by the IBM Security Systems' X-Force research team, says attacks on Web browsers also will increase in 2007 -- and warns that the latest security patches from Microsoft and other developers may not be effective. That's because many hackers are using older exploits for which security departments may no longer be on guard.

The most popular exploit used last year on the Internet to infect Web browsers with malware was for Microsoft's MS-ITS vulnerability (MS04-013). That exploit was actually developed in 2004.

Making things even tougher for IT security administrators in 2007 is the fact that an increasing amount of spam will be image-based, which is more difficult to detect. The study says image-based spam accounted for more than 40% of all spam messages generated in the fourth quarter of 2006, compared with less than 5% in the first quarter of 2005. Image-based spam uses pictures of letters to convey its message, rather than actual text characters that can be read by anti-spam software.
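The evasion described above works because the message carries almost no machine-readable text. A simple structural counter-measure is to score a message by how much text it contains relative to its image payload, which is what the following added example does. It is not code from the article or from IBM; the MIME messages it inspects are constructed inline, the `max_text` threshold is an assumed tuning value, and a real filter would combine this signal with others rather than act on it alone.

```python
import email
from email import policy
from email.message import EmailMessage


def image_text_ratio(raw: bytes) -> tuple[int, int]:
    """Return (text_chars, image_bytes) for a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text_chars = 0
    image_bytes = 0
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            # decoded size of the picture, not its base64 transport size
            image_bytes += len(part.get_payload(decode=True) or b"")
        elif ctype.startswith("text/"):
            text_chars += len(part.get_content().strip())
    return text_chars, image_bytes


def looks_like_image_spam(raw: bytes, max_text: int = 100) -> bool:
    """Flag messages whose message body is essentially just a picture.

    max_text is an assumed threshold: fewer readable characters than this,
    alongside at least one image part, is the pattern the report describes.
    """
    text_chars, image_bytes = image_text_ratio(raw)
    return image_bytes > 0 and text_chars <= max_text


def build_sample(text: str, with_image: bool) -> bytes:
    """Construct a test message (not a real spam sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Re: Hi"
    msg.set_content(text)
    if with_image:
        # 72 bytes of placeholder data with a PNG magic prefix
        msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
                           maintype="image", subtype="png",
                           filename="pitch.png")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, sample in (("image-only", build_sample("Hi", True)),
                          ("text-only", build_sample("Hi", False))):
        print(label, looks_like_image_spam(sample))
```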

By the way: Chances are that e-mail in your inbox bearing the subject line 'Re: Hi' is spam. According to the study, that's the come-on that was used most frequently by spammers in 2006. It was followed in popularity by 'Canadian Online Drugstore' and an empty subject line, according to the report. "You'd hope most people would be wise to those by now," Ollmann says, "but not everyone is."