Commoditizing Malware

As tools and kits abound, are we on the threshold of McMalware?

Dark Reading Staff, Dark Reading

January 19, 2007

2 Min Read

11:25 AM -- In Business 101, we learn that products generally go through three phases of development: innovation/early adoption, mainstream adoption, and commoditization. In the final phase, the product is available virtually everywhere at a price that nearly everyone can afford.

Malware, I would argue, is reaching that final phase.

Last week, RSA discovered what it calls the Universal Man-in-the-Middle Phishing Kit, an all-in-one package that provides the raw materials to launch sophisticated phishing exploits that appear to be operating on legitimate Websites. (See For Sale: Phishing Kit.)

The toolkit is remarkable not in its creativity, but in its breadth. While most phishing kits target eBay or a specific bank, this one can be adapted to just about any site you wish to attack. And at around $1,000, it costs less than a new laptop.

This isn't the only instance of attackers going for the least common denominator. Spammers recently began targeting one of the most pervasive email media -- the email newsletter. With a simple, easy-to-develop exploit, spammers can now mimic your favorite online e-zine, then insert their messages in pop-ups right in the message. (See Spam Hidden in Email Newsletters.)

Again, the approach isn't particularly innovative, but it's a very easy method to imitate, with a low cost threshold. Spammers of all stripes are likely to grab onto this one like a Happy Meal.

And in the mobile technology world, tools and driver bugs for attacking Bluetooth abound. This attack vector, which was nearly unheard of a year ago, is now becoming a popular exploit. It hasn't yet reached commodity status -- a Bluetooth protocol analyzer costs about $10,000 -- but the availability of tools is definitely on the rise. (See Bluetooth Security Worse Than WiFi.)

With online kits and tools such as these, a hacker no longer needs to be cool, or even smart, to become an attacker. If you know the right places to shop, you can buy phishing kits, rootkits, and pre-programmed Trojans that are as simple and affordable as McDonaldland cookies.

In the past, IT shops ignored some vulnerabilities because they recognized that the exploits would be limited to a select few brains who were smart enough to use them. Today, however, there sometimes is a whole production line of attacks waiting behind each new vulnerability, and the likelihood is much higher that some attacker will find his way to your company.

Malware is becoming a commodity. And if you aren't careful, the next round of McMalware could end up on your network.

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights