05 Nov 2013

The toxic truth of mobile malware

In these days of the cloud era, everything is being provided as a service, even malware. As fraudsters increasingly target mobile technology, users must keep a step ahead of them.

You know about software-as-a-service, but have you heard of malware-as-a-service? It’s just one facet of an underground market that has become more agile and modular, where even non-technical clients can find success. RSA Anti-Fraud and Cyber Crime Senior Technology Consultant Ross Irvine explains the state of the market and ways customers can protect themselves.

The Buzz: How has the malware market become commoditised?

Ross Irvine: It’s been commoditised for quite some time. Professionally produced and supported kits are reasonable easy to purchase, meaning the days of breaking out your favourite coding development environment and rolling your own malware are gone. The malware software market is just like any software solution space in that feature sets and ease of use are major selling points of each kit.

While we have seen a decline recently, malware-as-a-service continues to be available, which allows you to completely outsource your infection point, exploit kit management, command and control and drop zone hosting to a third party for a monthly fee.

If you combine the above services with the usual software maintenance and support costs charged by these groups, you then have a software delivery model that is similar to most legitimate software organisations.

The Buzz: Tell us about some of the more intriguing examples of banking malware instances. Ross Irvine: The introduction of the Hand of Thief Linux-based malware is a relatively uncommon and interesting shift in the malware market. Malware writers target systems where they can see a return on investment, and traditionally this has been Windows machines purely due to market share. To read the full article, visit the Buzz Magazine.
Top