Researcher: Malware, Increasingly Interdependent, Stifles Security Wares
BARCELONA -- A researcher says that malicious software such as botnets and browser exploit kits is becoming more and more interdependent, complicating the job of those who seek to detect and remove it.
Aditya Sood, a doctoral student in the Department of Computer Science and Engineering at Michigan State University, told attendees at the annual Virus Bulletin Conference in Barcelona that malware infections today are often chain reactions rather than discrete events, with one type of malware opening the door for subsequent malicious programs. That interplay between different malware is making it harder for security vendors, which often sell technology designed to combat a single type of security problem, to thwart infections effectively.
Sood, who is also a principal at Secniche.org, was presenting findings from research on the workings of the BlackHole browser exploit pack (BEP), a common toolkit for spreading malware through infected Web pages.
Rather than operating independently, the BlackHole BEP relied heavily on the Zeus malware family to spread, and vice versa, Sood found. Zeus relies on BlackHole's anti-malware tracking features, while BlackHole uses the Zeus database of infected hosts to spread: it harvests specific details about a Zeus-infected target and then launches attacks tailored to trigger infections on that host.
Sood said that BlackHole and other BEPs have added open-source components and anti-detection features to maximize their infection rates and to make the packs harder to detect and remove. In particular, polymorphic shellcode is being used to evade anti-malware and intrusion detection systems, which typically rely on static byte signatures.
"There's really no good client-side detection for polymorphic shellcode that doesn't generate lots of false positives," Sood said.
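To make that detection problem concrete, the following is an added Python example; it is not code from Sood's research, from BlackHole, or from any real exploit pack. It encodes a harmless placeholder byte string with a repeating XOR key, the basic idea behind a polymorphic encoder, and runs three constructed detectors over the result: a static signature, a single-byte XOR brute-force scan of the kind YARA's `xor` string modifier performs, and a Shannon-entropy heuristic. The payload, the signature, the length-prefixed key header (standing in for a real decoder stub) and the entropy threshold are all assumptions made for the example.

```python
import math
import os
from typing import Optional

# Constructed stand-in for a shellcode body: harmless ASCII, no machine code.
# All that matters is that its bytes are fixed, so a static signature can match them.
PAYLOAD = b"PAYLOAD-BODY: harmless placeholder text standing in for shellcode bytes"

# Constructed static signature of the kind an AV engine or IDS rule would carry.
SIGNATURE = b"PAYLOAD-BODY"


def signature_match(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Static detection: does the fixed byte pattern appear anywhere in the blob?"""
    return signature in blob


def xor_encode(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. XOR is its own inverse, so this also decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload: bytes, key: Optional[bytes] = None, key_len: int = 4) -> bytes:
    """Build one polymorphic variant of the payload.

    Layout (constructed for this example): one byte of key length, the key itself,
    then the XOR-encoded body. In real polymorphic shellcode the header would be a
    small decoder stub carrying the key; the length-prefixed key plays that role here.
    A fresh random key yields a different byte sequence on every call.
    """
    if key is None:
        key = os.urandom(key_len)
    return bytes([len(key)]) + key + xor_encode(payload, key)


def decode_variant(variant: bytes) -> bytes:
    """What the decoder stub does at run time: read the key, undo the XOR."""
    key_len = variant[0]
    key = variant[1:1 + key_len]
    return xor_encode(variant[1 + key_len:], key)


def single_byte_xor_scan(blob: bytes, signature: bytes = SIGNATURE) -> Optional[int]:
    """Detection that tries every single-byte XOR key before matching the signature
    (the same idea as YARA's `xor` string modifier). Returns the key byte that
    reveals the signature, or None if no single-byte key does."""
    for k in range(256):
        if signature in xor_encode(blob, bytes([k])):
            return k
    return None


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte. A content-agnostic heuristic: encoded or encrypted data tends
    to look random, so high entropy is treated as suspicious."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def entropy_flag(blob: bytes, threshold: float = 7.0) -> bool:
    """Flag blobs at or above the threshold (the 7.0 bits/byte default is a constructed value)."""
    return shannon_entropy(blob) >= threshold


# Constructed benign high-entropy data, standing in for a compressed image or a TLS
# record: legitimate content that an entropy heuristic cannot tell from encoded code.
BENIGN_RANDOM_BLOB = os.urandom(4096)


if __name__ == "__main__":
    v_multi = make_variant(PAYLOAD)                # random 4-byte key
    v_single = make_variant(PAYLOAD, key=b"\x7f")  # single-byte key
    print("signature on plain payload:       ", signature_match(PAYLOAD))
    print("signature on encoded variant:     ", signature_match(v_multi))
    print("decoder recovers payload:         ", decode_variant(v_multi) == PAYLOAD)
    print("single-byte XOR scan, 1-byte key: ", single_byte_xor_scan(v_single))
    print("single-byte XOR scan, 4-byte key: ", single_byte_xor_scan(v_multi))
    print("entropy of encoded variant: %.2f bits/byte" % shannon_entropy(v_multi))
    print("entropy of benign blob:     %.2f bits/byte" % shannon_entropy(BENIGN_RANDOM_BLOB))
    print("entropy flags benign blob:        ", entropy_flag(BENIGN_RANDOM_BLOB))
    print("entropy flags encoded variant:    ", entropy_flag(v_multi))
```

Run as written, the static signature matches the plain payload and none of the encoded variants, while the decoder still recovers the payload byte for byte. The single-byte XOR scan recovers a one-byte key but returns nothing for a four-byte key, so an encoder only has to widen the key to step past it. The entropy heuristic cannot be tuned out of trouble either: a threshold high enough to ignore ordinary content misses a short encoded blob (a 76-byte variant cannot exceed about 6.25 bits/byte), and lowering it until short encoded blobs are caught also flags the benign random data. That trade-off is the false-positive problem the quote above refers to.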
The complexity of the interactions between different types of malware is raising the bar for security software and for security professionals, who increasingly need to combine malware analysis, Web application security and penetration testing skills, Sood said.