Most of the time, the relationship between cybercrime campaigns and malware strains is simple. Some malware strains, like the gone-but-not-forgotten GandCrab, are intimately tied to a single actor, who is using the malware directly or distributing it via an affiliate program. Other strains, like the open-source Quasar RAT, are “public domain” malware; they’ve remained the same for so long and been used as a Lego piece so repeatedly that it’d be a fundamental error to try and attribute them to an actor, a campaign, a victim or a time-frame. It’s comforting to think of malware in the above terms alone. Malware strains are then neatly mapped to actors (or at worst, actor-affiliate pyramids), who we feel comfortable reasoning about; and any malware not neatly mapped to an actor is just a depersonalized tool, which carries no dramatic baggage of its own that researchers need to keep track of.

Alas, reality is more complicated than that. Some strains of malware fall into a gray area. There is no single actor in control of the malicious codebase or the binaries, but there is no universal proliferation of the malware as a standard tool, either. No one is there to call all the shots, but there are many unrelated people each calling some of the shots, putting each branch of the malware in a state of constant divergent evolution. This is the strange and headache-inducing world of malware that has had its source code leaked, and it’s not only the concern of researchers and analysts; the confusion and fragmentation that result have serious downstream effects for end users. A researcher flapping his hands in confusion somewhere in China can result, a few weeks later, in a hurricane of ransomware infections in the Caribbean, and a very angry manager being told “yes, we did have the MalBot family covered, but you see, this Malbot is not exactly that Malbot… look, it’s complicated”.