Saturday, May 14, 2011

White paper discusses how "crimeware" works

There is a white paper by Gunter Ollmann, VP of Research at Damballa, “Behind Today’s Crimeware Installation Lifecycle: How Advanced Malware Persists to Remain Stealthy and Persistent”, link here.

Ollmann discusses “droppers” and “downloaders”, their ability to disable anti-virus programs, and how they run at the command of master servers, often to participate in DoS attacks. The packages are “rented” by criminals from the “authors” and activated by CnC (command and control) orders. They may send personal information to organized crime even when disabled by home or business users.

As with wireless wardriving of routers (which does not happen on your computer and is not affected by antivirus software), this activity raises the question of whether users could come to be viewed as liable for allowing their machines to be used for criminal purposes, inviting lawsuits and visits from police, often on legally incorrect grounds. Of course, there is “plausible deniability”.

New computer warranties may not cover covert virus infection, and many services will not remove viruses without wiping out hard drives.

CircleID has an introduction page for the story, here.  

The summary story was tweeted by Webroot. 
