These closely related malware families represent a disturbing trend. Yes, there are competent programmers behind these Trojans, which specialize in stealing information about online banking accounts. (Brian Krebs has done an exceptional job of documenting the workings of these bad actors.)
But what’s new and different is that the malware authors have essentially franchised their work, selling the results as crimeware kits that even a non-programmer can use. Some experts estimate that the Zeus/SpyEye botnets have lifted more than $100 million from innocent victims.
Fortunately, a very aggressive worldwide legal effort led by Microsoft has taken out the most aggressive of these botnets, and the survivors have to be feeling a little nervous. Legal proceedings have become an increasingly effective part of Microsoft’s response to malware, especially in persistent cases like this.
Malware authors relentlessly attacked Internet Explorer in the early 2000s, and they had no trouble finding holes to exploit. As a consequence, cautious web surfers switched to other browsers that promised to be safer. First it was Firefox, then it was Google Chrome.
But malware authors are like cockroaches. They adapt to changing conditions. As a result, one group (possibly the same one that targeted Mac users with Mac Defender) took dead aim at Chrome users with a targeted attack like the one shown here.
At the beginning of the 21st century, malware authors were mostly in it for the attention, and their wares tended to produce occasionally spectacular, widespread outbreaks.
Today, malware authors are motivated mostly by money, and their primary goal is to remain undetected for as long as possible.
That motivation results in sophisticated infections like the ever-evolving Alureon rootkit, also known as TDL4 or TDSS. Early versions of this particular bit of nastiness infected the Master Boot Record, making them hard to detect. Newer versions are actually capable of creating their own infected hard disk partitions. That leads to situations like the one described in this support post at the Windows 7 IT Pro forums.
And that’s the face of the next generation of online threats—determined, adaptable, and highly motivated.