Gunter Ollmann, Holly Stewart IBM
Following established capitalistic traditions, malware authors have adopted a mercenary approach to their new malicious business opportunities. With competition rife amongst malware authoring teams as they battle amongst each other to secure new customers and subscribers of their services, plagiarism and cloning are a way of life; there is no honour amongst thieves.
Not only must each author protect their IP investment, but in order to retain 'market share' they must be competitive in ways beyond the capabilities of the actual malware. For example, malware teams now promote aspects such as ease of use, command and control uptime, bot-agent retention rates, encryption strength, reliability and server-hosting bandwidth.
We have been observing the commercialisation of malware and the way these businesses have been developing. From the evolution of phishing kits through to the development of bank-specific man-in-the-browser proxy trojans, the threat may have already exceeded the technologies capable of thwarting it.
In this session we will closely examine the competitive drivers behind the malware developed for (and used by) organized crime syndicates, study which trends can be extrapolated to a horizon-three timeframe, and consider how the competitive nature of malware capitalism may actually make it easier for the security industry to battle them.