Anatomy of a malware attack – how the Russian mafia steal your money.

Malware is everywhere; we even had to clean a client's website recently because of an infected plug-in. That is how easily it can happen. When it gets in, the repercussions are pretty horrendous, the major one being the removal of the website by the hosting company. Most of the time hosting companies are pretty good at tracking infections on their servers.

That type of thing can have major repercussions for any organisation, yet it is very easy to let happen if security is not thought through. But do you know how the malware empire actually works?

Typically it starts off really easily. Little Johnny wants to download a free song from a website, he wants a little application to do his homework, or he wants to steal a game from a download site. Any or all of the above are just the beginning. There are other routes too: scanning software that finds vulnerabilities on websites, and careless administrators who never change default passwords. They all lead to malware problems and data theft.

The malware designers are pretty cluey. They watch the social trends: what is coming out in the movies, which celebrity has been caught with their pants down, what the newest game is. They then create, for want of a better phrase, "a honey trap", something that you think you want and have searched for on Google, Yahoo or any other search engine. The designers are so savvy that they even use Google and SEO to make sure that what you're looking for is on the first page of the search results. This is done with the help of the zombie computers already in their network, fake backlinks and any other system they can think of.

So little Johnny, either using the web browser or a peer-to-peer (P2P) application, goes to the desired website and downloads the desired piece of data. If he is using P2P software that was installed with its defaults, he is probably infected from the start. Otherwise he was infected either by visiting the site or by the application that he downloaded. Either way he now has a problem and, worse still, he is now part of the problem.

Little Johnny loves his application, game or movie so much that he sends it to all his friends, or the malware does it for him; either way it is now propagating any way it can. The installed application or malware has three main components: it is designed to propagate, it is designed to talk to its command and control systems, and it has its primary role, searching the computer for information that will make its master money. It is looking for personal information, credit card details, banking details, any information that it can send back to its command and control centre.

Being a good little slave, it now has a number of other things that it has to do. Some of them are programmed into the malware, others are consequences of actions already completed, and others have not been programmed into the application yet and will be downloaded when it does its normal update process every day.

The malware on little Johnny's computer is now part of a larger organism. This larger organism, a zombie network (botnet), also has its role to play in the cyber crime network. Like any network there is a control centre that manages all of the endpoints out there; it updates itself like a normal application, it applies better stealth techniques and it tries to stay hidden from the investigators looking for it. What you may not know is that the cyber criminals actually rent out this control centre to other criminals on a pay-as-you-go agreement. This means that it is always in use, and that it is using little Johnny's computer to DDoS unsuspecting targets.

That is the basics of it, so what do you do to protect yourself?

How about we start with common sense: if it's free they want something, if it's stolen they want something, if it's illegal they want something. Nothing is free, especially when it comes to illegal, pirated and cracked applications, movies, songs and the like.

Do not use P2P software or other file-sharing applications to download illegal, pirated and cracked material.

Keep your computer protected with a good, up-to-date anti-virus, anti-malware and anti-spyware application; if you cannot afford one, use one of the free ones available.

Use a good firewall on your computer and keep it on at all times. If you have a firewall that restricts, monitors and manages outbound traffic, all the better, as this can stop an infection from reaching its command and control systems.
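An outbound firewall log is also where the daily "check in" with the control centre described above shows up. The following script, added here as an illustration and not part of the original post, runs over a constructed sample of outbound-connection log lines (the line format is hypothetical) and flags flows whose connection intervals are almost perfectly regular, which is how a beaconing infection tends to look next to normal browsing.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound-connection log lines (hypothetical format:
# "<ISO timestamp> <src ip> -> <dst ip>:<port>"). Host 10.0.0.5 talks to
# 203.0.113.9 every 300 s like clockwork; the other traffic is irregular.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 -> 203.0.113.9:443
2024-05-01T09:00:07 10.0.0.5 -> 198.51.100.20:443
2024-05-01T09:05:00 10.0.0.5 -> 203.0.113.9:443
2024-05-01T09:06:41 10.0.0.5 -> 198.51.100.20:443
2024-05-01T09:10:00 10.0.0.5 -> 203.0.113.9:443
2024-05-01T09:12:03 10.0.0.5 -> 198.51.100.21:80
2024-05-01T09:15:00 10.0.0.5 -> 203.0.113.9:443
2024-05-01T09:20:00 10.0.0.5 -> 203.0.113.9:443
2024-05-01T09:31:55 10.0.0.5 -> 198.51.100.20:443
"""

def parse_log(text):
    """Return {(src, dst, port): [timestamps]} parsed from the log text."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        conns[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return conns

def find_beacons(conns, min_hits=4, max_jitter=0.1):
    """Flag flows with at least min_hits connections whose inter-connection
    gaps vary by no more than max_jitter (fraction) of the mean gap."""
    beacons = []
    for key, stamps in conns.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            beacons.append((key, round(avg)))
    return beacons

if __name__ == "__main__":
    for (src, dst, port), period in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{src} beacons to {dst}:{port} every {period}s")
```

A flagged destination is a lead to investigate, not proof of infection; software updaters and monitoring agents also phone home on a schedule, so check what the destination actually is before blocking it.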

Keep your operating system and applications updated. Use Windows Update; use iOS updates for Apple devices. Whatever the operating system, try to use the newest version around, but do not go onto the Internet and steal it from a pirate site.

If you believe you have been infected, there are a number of ways to find out. Go to a reputable AV site (Trend HouseCall, Bitdefender online scanner) and use their online virus and malware cleaner. If it is a major infection, reinstall and restore from backup. No backup? Why not????

Where to from here? I look forward to your input.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.