Malware & Attacker, Exposed
April 3, 2007
Nazario says he and fellow researchers can also detect IRC bots, and shut them down, too. "If we didn't have visibility into what the obfuscated exploits were doing, we wouldn't get any of that."
It comes down to attackers shifting their focus toward clients, namely Web browsers. "They used to wait for you to come to them as clients." But now more attackers are targeting the browser itself, he says. "We are seeing a lot of attacker interest recently in this."
Being able to reverse-engineer malware lets an analyst determine whether the attacker is going after banking site passwords or gaming license keys, or just wants to install bot software or spamkits, Nazario says. "There's some attacker profiling we do."
If an attacker only recycles existing malware tools or makes a minor edit to them, that indicates a low level of skill. The danger here is that such malware can spread more quickly, although it's easier to detect and mitigate in the end, he says.
Attackers who write their own code are typically more sophisticated and determined. "We see a very small number of people who write their own private exploit code. You know then that you've got an adversary who studies the technology, is highly motivated, and making a bunch of money off of this."
And every attacker has his or her own "voice," with certain techniques or clues in their coding that can show it's the same attacker doing the dirty deed. "There's a behavioral marker for that person. We all have a set of skills we fall back on. We all have a unique voice."
— Kelly Jackson Higgins, Senior Editor, Dark Reading