The PC virus turns 25

New worry emerges: Attack toolkits

Happy anniversary Basit and Amjad! Twenty-five years ago this month, the Alvi brothers of Lahore, Pakistan, gave the world the Brain Virus, the first bit of malware capable of infecting a DOS-based PC. Back in those relatively innocent times, the brothers actually embedded their real names and business address in the code and later told Time magazine they had written the virus to protect their medical software from piracy.

Who knows what they were really thinking, but by all accounts the Brain Virus was relatively harmless. Twenty-five years later, most malware is anything but benign, and cybercriminals pull off exploits the Alvi brothers never envisioned.

No longer just a way to make a political point or demonstrate one's technical prowess, malware has become a useful tool in the bag of tricks bad guys use to steal from consumers and institutions alike. And just as big-time drug dealers and many criminal gangs now mimic the ways of legitimate business, hackers have begun to do the same.

One particularly disturbing trend coming to light in this anniversary month is the production and online sale of "kits" that allow relatively unskilled hackers to create and launch malware attacks. And by "kit" I really do mean a kit. "Attack toolkits are bundles of malicious code tools used to facilitate the launch of concerted and widespread attacks on networked computers. Also known as crimeware, these kits are usually composed of prewritten malicious code for exploiting vulnerabilities along with various tools to customize, deploy, and automate widespread attacks," according to a recent report by Symantec.

Marc Fossi, a development manager for the giant security company, says attack kits are selling on the Web from $40 or $50 to about $4000. Some hackers peddling the higher-end kits even offer online support and subscription services, so customers can get updated versions of the malware. Symantec has also observed advertisements offering to help install and set up purchased attack kits for a fee. "It's like a mirror of the legitimate software business," he says.

Here are six reasons to be concerned:

1. Attack kits make it easier for relatively unsophisticated hackers to launch an attack. That's not to say that any computer-illiterate bozo could successfully use one of these kits, but it's much easier than building a virus or other malware from the ground up, says Fossi.

2. The prevalence, simplicity and effectiveness of the attack kits are contributing to an upward spike in cybercrime. For example, one major kit called ZeuS accounted for more than 90,000 unique malicious code variants as of August 2009. That's 90,000 different malware applications; the number of computers attacked by ZeuS is in the millions. Not coincidentally, ZeuS is designed primarily to steal financial details, such as the online banking credentials of a victim. Its ease of use and ability to generate income makes it an appealing purchase for even novice cybercriminals.

3. Cybercriminals, like legitimate business people, believe in a return on investment. Since they're spending money to buy those attack kits, it's likely they'll want to use them.

4. Because buyers of the kits can get updates, they're using the newest and most potent versions of the malware, and that, of course, means users will be hit even harder.

5. Increasingly, attack toolkits include exploits for vulnerabilities that encompass multiple applications and technologies. This increases the likelihood that an attack will succeed because there is a greater chance that the victim will be using one of the vulnerable applications and that one of the applications is unpatched.

6. The attack kits spew out malware that can attack multiple platforms; so users of Macs or computers running the Linux operating system, which are usually considered safer than Windows, are at risk as well.

Naturally, you want to defend yourself against these clowns. Some of the viruses and other kinds of malware are so new that your anti-virus and other types of protection might not recognize them, but many are known. So be sure you're running reputable defense programs and keep them updated. And since many of the kits rely on "poisoned" Web sites, make certain that if your malware detector questions the authenticity of a site, you pay attention and get out of there without clicking on anything.

It's tempting to make jokes about those two wild and crazy guys from Pakistan, and to be sure, the story of the Brain Virus has its place in computer lore. But ultimately, this stuff isn't funny, and it's not really a happy anniversary.

By Bill Snyder