Malware threats on the rise

Security vendors see commercialization of vulnerabilities and something else new: ransom malware

Vulnerability auctions, do-it-yourself malware kits and ransomware are some of the security trends that have emerged so far this year, according to two new security reports.

“Web Security Trends Report,” a quarterly report by Finjan Software’s Malicious Code Research Center, focuses on the commercialization of malicious code. Sophos’ “Security Threat Management Report” examines the top malware threats in addition to new ones such as ransomware. Computers infected with ransomware block users from accessing their files and display menacing messages demanding money.

A startling trend discovered by Finjan’s security team involves hackers participating in vulnerability auctions in which they sell newly discovered security vulnerabilities to criminals rather than disclose them to vendors who could develop patches to fix the flaws.

Web sites such as Full Disclosure — well-known in the security community — offer auctions in which the highest bidder buys previously unknown vulnerabilities. The report shows examples of a hacker offering to sell information about flaws in Microsoft’s Internet Explorer Version 7.

There is also a market for products that package vulnerabilities into easy-to-use toolkits, said Yuval Ben-Itzhak, chief technology officer at Finjan. The industry has entered an era in which vulnerabilities are becoming commercialized, he said.

“Vulnerabilities are not just being used by technical people,” he said. Malware toolkits enable nontechnical people to exploit vulnerabilities.

A Russian Web site offers one such product, Web Attacker Toolkit. It lets individuals embed malicious code into their Web sites. Anyone who buys the kit can create a malicious Web site that installs spyware on victims’ machines when they visit the site. The product, which costs $100 to $300, is available with support and update services like any legitimate software product.

In addition, Finjan’s research shows that some spam now contains malicious content or links to malicious Web sites and can be used to carry out blended attacks. To combat those new trends, people should consider using behavior analysis software to determine whether software code is legitimate before allowing it into a network, Ben-Itzhak said.

Meanwhile, members of Sophos’ security team are seeing malware writers shift from mass attacks on general Internet users to focused attacks on small, specialized groups of Internet users, said Ron O’Brien, senior security analyst at Sophos. One of their weapons is ransomware.

One example is Zippos, which emerged in March. It encrypted user files and demanded that users pay $300 to stop the attack. Ransom-A prevented its victims from accessing their computer data until they paid a ransom of $10.99 via Western Union. It threatened to delete files every 30 minutes, the Sophos report states.

Several Sophos customers have been infected with ransomware, O’Brien said. However, the firm’s experts analyzed ransomware code and discovered the password to decrypt locked files. Sophos then posted the password on the company’s Web site to help other victims.
