New Report Shows Malware Sleeps on Computer for Average of 8 Months, Collecting Data
Contributed by: Email on 01/19/2012 10:30 AM
According to a new investigative report from Daily Safety Check, malware sits on a computer for an average of 8 months before it is activated to commit cyber crimes such as bank transfers, fraud and information theft.
A recent forensics analysis by Daily Safety Check of a major botnet shows how current cyber-crime botnets place value on collecting information through long-term surveillance before committing financial fraud and theft, contrary to the quick smash-and-grab crimes that the computer security industry commonly focuses on.
Criminals use basic law enforcement techniques to watch computers and build a behavior and information profile on their users. "In this case, it's not a numbers game," says Jim McKenney, the computer forensics expert who did the analysis. "Large malware infection rates look fantastic and garner headlines, but the projected size of botnets and their infection in the consumer computer ecosystem does not accurately capture the threat." This investigation reveals that building in-depth profiles has led to less attention and a higher value payout per event.
The computer forensics analysis found that a botnet comprised of SpyEye and Carberp malware performed behavior profiling of its slaved computers for an average time of 8 months. During the eight months, linkage analysis was used on people who used the infected computer, rated values were assigned to activities, with higher-value activities classified as either One-Time-Event (OTE) or Modus Operandi (MO), a complete profile was generated, and a confidence value was assigned based on potential crime signatures established.
Higher values were assigned to people with strong serial relationships with their computers and online resources, as opposed to those who infrequently used them, or consistently repeated the same activities over time. "A strong serial relationship," McKenney says, "is one where a person's behavior is expressed with technology, not only day-to-day activities performed such as emailing friends or checking an account balance, but fantasies expressed like that $3000 HD 3D TV sitting in my Amazon Wish List, or my travel alerts for St. Thomas."
The current security culture tends to treat one-off crimes of opportunity, such as stealing Facebook credentials, making money transfers or stealing debit/credit card information, as the threat. It also consistently tells us that the future will be better; that security and application vendors are getting better at correcting problems and fixing security issues; that over time security vendors will get better at protecting computer owners.
The Daily Safety Check investigative report says otherwise. In fact, it provides evidence that once a computer is owned by a botnet, future anti-virus updates, system and application patches, and fixes do not provide substantial benefits to a consumer. In fact, they often give the owner a false sense of security, leading to a higher compromise rate.
"Emphasis in the current computer security market is on preventing an intrusion," says McKenney, "but there is little that users can do once they're infected, unless they are monitoring for cyber-attacks." Daily Safety Check provides daily monitoring and real time updates of threats against cyber attacks, and alerts network administrators of weaknesses in user security.
For more information contact Jim McKenney, MBA, CISA, CISM, GSNA, GPEN at info(at)dailysafetycheck(dot)com.