Malware threats on the rise

Security vendors see commercialization of vulnerabilities and something else new: ransom malware.

Vulnerability auctions, do-it-yourself malware kits and ransomware are some of the security trends that have emerged so far this year, according to two new security reports.

“Web Security Trends Report,” a quarterly report by Finjan Software’s Malicious Code Research Center, focuses on the commercialization of malicious code. Sophos’ “Security Threat Management Report” examines the top malware threats in addition to new ones such as ransomware. Computers infected with ransomware block users from accessing their files and display menacing messages demanding money.

A startling trend discovered by Finjan’s security team involves hackers participating in vulnerability auctions in which they sell newly discovered security vulnerabilities to criminals rather than disclose them to vendors who could develop patches to fix the flaws.

Web sites such as Full Disclosure — well-known in the security community — offer auctions in which the highest bidder buys previously unknown vulnerabilities. The report shows examples of a hacker offering to sell information about flaws in Microsoft’s Internet Explorer Version 7.

There is also a market for products that package vulnerabilities into easy-to-use toolkits, said Yuval Ben-Itzhak, chief technology officer at Finjan. The industry has entered an era in which vulnerabilities are becoming commercialized, he said.

“Vulnerabilities are not just being used by technical people,” he said. Malware toolkits enable nontechnical people to exploit vulnerabilities.

A Russian Web site offers one such product, Web Attacker Toolkit. It lets individuals embed malicious code into their Web sites. Anyone who buys the kit can create a malicious Web site that installs spyware on victims’ machines when they visit the site. The product, which costs $100 to $300, is available with support and update services like any legitimate software product.

In addition, Finjan’s research shows that some spam now contains malicious content or links to malicious Web sites and can be used to carry out blended attacks. To combat those new trends, people should consider using behavior analysis software to determine whether software code is legitimate before allowing it into a network, Ben-Itzhak said.

Meanwhile, members of Sophos’ security team are seeing malware writers shift from mass attacks on general Internet users to focused attacks on small, specialized groups of Internet users, said Ron O’Brien, senior security analyst at Sophos. One of their weapons is ransomware.

One example is Zippos, which emerged in March. It encrypted user files and demanded that users pay $300 to stop the attack. Ransom-A prevented its victims from accessing their computer data until they paid a ransom of $10.99 via Western Union. It threatened to delete files every 30 minutes, the Sophos report states.

Several Sophos customers have been infected with ransomware, O’Brien said. However, the firm’s experts analyzed the ransomware code and discovered the password needed to decrypt the locked files. Sophos then posted the password on the company’s Web site to help other victims.