Botnets power growing malware cloud

Today's exploit developers needed only a "couple of racks of good servers" and a botnet farm to service the growing malware-as-a-service market, security vendor M86 has warned.

The firm this week predicted that what it called "cloud-based malware services" would become more common in 2011, enabling under-resourced, would-be attackers to enter the world of cybercrime.

"Malware as a service is a pretty new thing," M86's Asia Pacific director of sales engineering Jason Pearce told iTnews.

"Usually, what happens with exploit kits is you go download these tools, then you have to store them on your own infrastructure, which comes with associated hardware costs.

"[Now], criminals can actually rent infrastructure, people and tools," he said.

Early last year, authentication software provider Vasco flagged cybercrime outsourcing as a key trend for 2009 with malware writers offering hosted services for as little as $450.

M86 highlighted in its Threat Predictions 2011 report various malware services from writers of the NeoSploit and Phoenix exploit kits.

NeoSploit, for example, was available as a specific web server configuration that redirected victims to a back-end server that was apparently handled by the NeoSploit team.

These service providers were difficult to identify, Pearce said, noting that security vendors and law enforcement agencies often went "underground" to learn of new malicious offerings.

Undercover security professionals trawled message boards, chat programs and communities to earn cybercriminals' trust and "catch them in the act" of advertising new services before attacks were launched, he said.

"The infrastructure you need to run these attacks are pretty lightweight," he said. "It's fluid. It doesn't exist in one place. Botnets change, and it's very hard to track them down."

M86 highlighted the following security threats in its report:

1. Malware will increasingly use stolen digital certificates to bypass whitelisting and code signing requirements
2. Exploding smartphone market and growing tablet demand lead to more mobile malware
3. Spam campaigns will increasingly mimic legitimate mail from popular websites
4. Data-stealing trojans will become more sophisticated
5. On social networks, more users and more integration lead to more problems
6. As a new standard, HTML5 will become the new target for cybercriminals
7. Malware-as-a-Service (MaaS) offerings will increase as an alternative to malware applications
8. Botnets will thwart future takedowns; smaller botnets will become more prevalent