This year’s Security Threat Report explores how cybercriminals are becoming smarter, shadier and stealthier in their approach to infecting you with their malware. In a new Sophos Security podcast, our experts Chet Wisniewski and John Shier explain the SophosLabs research highlighted within the report.
Listen to the podcast (embedded below) to hear Chet and John discuss how the criminals operate, using sophisticated botnets and exploit kits to spread their malware. They also explain how the cybercriminals are increasingly skilled at covering their tracks.
Battle of the botnets
Despite recent successes by security companies and law enforcement in taking down botnets (networks of infected computers cybercriminals use to distribute malware and spam), the criminal gangs have found innovative ways of fighting back.
For example, efforts by Microsoft and security companies to dismantle the ZeroAccess botnet appear to have had little effect, Chet explains in the podcast.
“While I applaud organizations such as Microsoft for attempting to take down any kind of centralized component of a criminal network, the reality is we’ve got to do a better job of protecting our PCs,” Chet says.
“I think the battle of the botnets is going to be tough to win,” John says. “Their sole reason for being is to infect as many hosts as possible. And when one gets shut down, they’ll change their tactics.”
One of the largest botnets, called Zbot or Zeus, has recently been used to drop the Cryptolocker ransomware on infected machines. As John explains, a computer infected by Zbot/Zeus can be hit again and again by whatever malware the botnet operators distribute for a profit (botnets can be rented out to do the bidding of anyone with the means to pay).
New wave of exploit kits
John and Chet go on to describe how your computer might become part of a botnet: through drive-by web attacks delivered by exploit kits. Although one of the most notorious exploit kits, called Blackhole, has faded in use since the arrest of its creators in October, other exploit kits such as Neutrino and Redkit have emerged to take its place.
“We saw a lot of diversification of the exploit kits that came out this year,” John says. “These guys are real entrepreneurs. They saw the success Blackhole was having and decided to emulate that exploit model.”
Exploit kits, which leverage multiple exploits to find a hole in your security, are intimately connected to a problem many IT professionals don’t often acknowledge: infected Linux servers.
“The vast majority of infected web servers that are directing people to these exploit kits to get infected are running Linux,” Chet explains.