
The Possibilities of Malware Outsourcing

Bitdefender

August 11, 2010


Outsourcing malware development to legitimate coders may turn out to be a losing tactic for criminals – if only defenders exploited it.

Searching through job postings at various coder markets was bound to turn up some interesting items. Sure enough, a search for terms like “C/C++”, “assembler” and “embedded” turned up little gems like this one.

A job to build a ring0 driver may not sound so odd on its own. But when the sole function of that kernel-mode driver is to download and execute something in usermode (ring3), the plot thickens: a privileged component whose only job is to fetch and launch a user-mode payload has no obvious legitimate purpose and looks exactly like the loader stage of a rootkit. We may well be looking at someone trying to outsource malware creation.

Further digging produced job postings for a crypter/packer/binder which should “use inject file for bypass avs on run-time”, for an executable packer, and for a downloader. Keep in mind that these are only a few examples, extracted from just a couple of the many websites where coding projects are posted.

By splitting a malware project into separately contracted pieces, the people who take the jobs can reasonably claim innocence (each piece looks harmless in isolation), while full design knowledge remains with the originator. Moreover, the variety introduced by differing coding styles, compilers and languages across the pieces makes analysis of the assembled ‘finished product’ somewhat harder.

A first, easy step towards stopping such schemes would be a small extension to the reputation systems already in place on outsourcing websites: people looking for work could flag a posted project as “possible black-hat work” for review by site administrators.

Given how common such schemes are, maybe the time to add it is now. Tracing the money exchanged in such projects might even yield the identities of malware outsourcers.
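The keyword search described above and the proposed “possible black-hat work” flag both amount to the same thing: a triage heuristic over posting text. The following is an added example (not Bitdefender's code, and not any outsourcing site's reputation system) showing how a site administrator might pre-score postings before a human looks at them. It scores a posting by how many distinct malware-component indicator groups co-occur (kernel loader, download-and-execute, crypter/packer/binder, AV evasion, injection), so that a single innocent word like “downloader” does not trip the flag on its own. The indicator patterns, the benign-context terms, the threshold and the sample postings are all constructed assumptions for illustration; the two suspicious samples paraphrase the postings quoted in the text.

```python
"""Heuristic triage of coder-market job postings for possible malware work.

Added example; not Bitdefender's code. All patterns, thresholds and sample
postings below are constructed assumptions for illustration.
"""
from __future__ import annotations

import re

# Indicator groups. Each group counts at most once toward the score, so a
# posting that repeats "crypter" five times is not five times as suspicious.
# The groups mirror the components named in the text: a ring0 loader whose
# only job is to fetch and run a ring3 payload, a crypter/packer/binder,
# AV bypass at run time, and a plain downloader.
INDICATORS: dict[str, list[str]] = {
    "kernel_loader": [r"\bring\s*0\b", r"\bkernel[- ]mode driver\b",
                      r"\bring\s*3\b", r"\busermode\b"],
    "download_execute": [r"\bdownload(?:s|er)?\b.*\b(?:execute|run|launch)\b",
                         r"\bdownloader\b"],
    "crypter_packer": [r"\bcrypter\b", r"\bpacker\b", r"\bbinder\b"],
    # "fud" / "undetect" are assumed extra evasion terms, not from the text.
    "av_evasion": [r"\bbypass(?:es|ing)?\b.*\b(?:av|avs|antivirus|anti-virus)\b",
                   r"\bfud\b", r"\bundetect"],
    "injection": [r"\binject(?:ion|or)?\b"],
}

# Legitimate driver work usually names real hardware, a product or tests.
# Presence of such context subtracts one point (assumed heuristic).
BENIGN_CONTEXT = [r"\bwdm\b", r"\bhardware\b", r"\busb\b", r"\bdevice\b",
                  r"\bunit tests?\b", r"\bopen[- ]source\b"]

FLAG_THRESHOLD = 2  # assumed: two co-occurring indicator groups => review


def score_posting(text: str) -> tuple[int, list[str]]:
    """Return (score, matched indicator groups) for one posting."""
    t = text.lower()
    hits = [name for name, patterns in INDICATORS.items()
            if any(re.search(p, t) for p in patterns)]
    score = len(hits)
    if score and any(re.search(p, t) for p in BENIGN_CONTEXT):
        score -= 1
    return score, hits


def flag(text: str, threshold: int = FLAG_THRESHOLD) -> bool:
    """True if the posting should be queued for administrator review."""
    return score_posting(text)[0] >= threshold


def triage(postings: list[str]) -> list[dict]:
    """Score a batch of postings, most suspicious first."""
    rows = []
    for i, text in enumerate(postings):
        score, hits = score_posting(text)
        rows.append({"id": i, "score": score, "hits": hits,
                     "flagged": score >= FLAG_THRESHOLD})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample postings (not real listings). The first two paraphrase
# the kinds of postings described in the text; the last two are benign.
SAMPLE_POSTINGS = [
    "Need a ring0 driver. Its only function: download a file from URL and "
    "execute it in usermode (ring3). C/C++, must be stable on XP/Win7.",
    "Crypter/packer/binder needed. Must use inject file for bypass avs on "
    "run-time.",
    "Embedded C developer for a WDM driver for our USB hardware device; "
    "unit tests required.",
    "Write a downloader for our update server in C++.",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_POSTINGS):
        print(row)
```

Note that the plain “downloader” posting scores one point and is not flagged, while the two postings that combine components (a kernel loader with a download-and-execute payload; a crypter with AV bypass and injection) are. A benign kernel-driver job that names its hardware loses a point; that adjustment is the part of the heuristic most likely to need tuning against real postings.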
