Malware threats on the rise

Security vendors see commercialization of vulnerabilities and something else new: ransom malware

Vulnerability auctions, do-it-yourself malware kits and ransomware are some of the security trends that have emerged so far this year, according to two new security reports.

“Web Security Trends Report,” a quarterly report by Finjan Software’s Malicious Code Research Center, focuses on the commercialization of malicious code. Sophos’ “Security Threat Management Report” examines the top malware threats in addition to new ones such as ransomware. Computers infected with ransomware block users from accessing their files and display menacing messages demanding money.

A startling trend discovered by Finjan’s security team involves hackers participating in vulnerability auctions in which they sell newly discovered security vulnerabilities to criminals rather than disclose them to vendors who could develop patches to fix the flaws.

Web sites such as Full Disclosure — well-known in the security community — offer auctions in which the highest bidder buys previously unknown vulnerabilities. The report shows examples of a hacker offering to sell information about flaws in Microsoft’s Internet Explorer Version 7.

There is also a market for products that package vulnerabilities into easy-to-use toolkits, said Yuval Ben-Itzhak, chief technology officer at Finjan. The industry has entered an era in which vulnerabilities are becoming commercialized, he said.

“Vulnerabilities are not just being used by technical people,” he said. Malware toolkits enable nontechnical people to exploit vulnerabilities.

A Russian Web site offers one such product, Web Attacker Toolkit. It lets individuals embed malicious code into their Web sites. Anyone who buys the kit can create a malicious Web site that installs spyware on victims’ machines when they visit the site. The product, which costs $100 to $300, is available with support and update services like any legitimate software product.

In addition, Finjan’s research shows that some spam now contains malicious content or links to malicious Web sites and can be used to carry out blended attacks. To combat those new trends, people should consider using behavior analysis software to determine whether software code is legitimate before allowing it into a network, Ben-Itzhak said.

Meanwhile, members of Sophos’ security team are seeing malware writers shift from mass attacks on general Internet users to focused attacks on small, specialized groups of Internet users, said Ron O’Brien, senior security analyst at Sophos. One of their weapons is ransomware.

One example is Zippos, which emerged in March. It encrypted user files and demanded that users pay $300 to stop the attack. Ransom-A prevented its victims from accessing their computer data until they paid a ransom of $10.99 via Western Union. It threatened to delete files every 30 minutes, the Sophos report states.

Several Sophos customers have been infected with ransomware, O’Brien said. However, the firm’s experts analyzed ransomware code and discovered the password to unencrypt locked files. Sophos then posted the password on the company’s Web site to help other victims.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group