This year’s Security Threat Report explores how cybercriminals are becoming smarter, shadier and stealthier in their approach to infecting you with their malware. In a new Sophos Security podcast, our experts Chet Wisniewski and John Shier explain the SophosLabs research highlighted within the report.
Listen to the podcast (embedded below) to hear Chet and John discuss how the criminals operate, using sophisticated botnets and exploit kits to spread their malware. They also explain how the cybercriminals are increasingly skilled at covering their tracks.
Battle of the botnets
Despite recent successes by security companies and law enforcement in taking down botnets (networks of infected computers cybercriminals use to distribute malware and spam), the criminal gangs have found innovative ways of fighting back.
For example, efforts by Microsoft and security companies to dismantle the ZeroAccess botnet appear to have had little effect, Chet explains in the podcast.
“While I applaud organizations such as Microsoft for attempting to take down any kind of centralized component of a criminal network, the reality is we’ve got to do a better job of protecting our PCs,” Chet says.
“I think the battle of the botnets is going to be tough to win,” John says. “Their sole reason for being is to infect as many hosts as possible. And when one gets shut down, they’ll change their tactics.”
One of the largest botnets, called Zbot or Zeus, has recently been used to drop the Cryptolocker ransomware on infected machines. As John explains, a computer infected by Zbot/Zeus can be hit again and again by whatever malware the botnet operators distribute for a profit (botnets can be rented out to do the bidding of anyone with the means to pay).
New wave of exploit kits
John and Chet go on to describe how your computer might become part of a botnet: infection by drive-by web attacks from exploit kits. Although one of the most notorious exploit kits, called Blackhole, has faded in use since the arrest of its creators in October, other exploit kits such as Neutrino and Redkit have emerged to take its place.
“We saw a lot of diversification of the exploit kits that came out this year,” John says. “These guys are real entrepreneurs. They saw the success Blackhole was having and decided to emulate that exploit model.”
Exploit kits, which leverage multiple exploits to find a hole in your security, are intimately connected to a problem many IT professionals don’t often acknowledge: infected Linux servers.
“The vast majority of infected web servers that are directing people to these exploit kits to get infected are running Linux,” Chet explains.
Chet and John also share more insights from the Security Threat Report regarding the “breakneck speed” in the development of Android malware, and the ever-present problem of spam.
Listen to the podcast below or at soundcloud.com. And be sure to download the report to access other resources including whitepapers and videos from our experts.