Success Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Success’

4MP Success Story: Ellen! or “Ellie” from the book!

Ellen was one of the first and original 4MPlanners. After a sucky end to her marriage, Ellen found herself at my show, laughing for the first time since the …

Online Dating Success Tips Seattle

online dating success seattle.

Dating System for Success Overseas

Plain and simple, here’s what you’ll get from this video

The reasons your chances for success are best with Dream Connections:

1. The ladies are screened
2. The men are screened
3. System designed to be comfortable
4. …

Top Internet “Stock Alerts” Continue 100% Perfection Streak After 96% Success Rate in 2011

SANTA CLARA, CA – The "Stock Alert" service has set the benchmark for winning stock trades. Since January 2003, 96% of all closed-out trades have ended in gains, and some of them …

View full post on computer security alerts – Yahoo! News Search Results

View full post on National Cyber Security

Why publishers should build direct sales channels – Allen Noren on ebook sales success and competing in a global market.

In this TOC video podcast, Allen Noren, the head of O’Reilly’s online and marketing groups, addresses questions about how to succeed in the digital market, dealing with “Walmart world” deep discounts, and learning from fixed-price territories.

View full post on O’Reilly News and Commentary

Despite a Flailing Stock Market, BullTrade Stock Alerts Continue to Hit at a 96% Success Rate

SANTA CLARA, CA – has been refining its proprietary trading methodology over the past 13 years, and the results have been spectacular. Only recently, the “Stock Alert” service …

View full post on computer security alerts – Yahoo! News Search Results

‘Security awareness key to success of mobile banking’

BANGALORE, INDIA: Wireless devices are soon set to usher in a new market revolution by enabling mobile banking, mobile payment, mobile wallet, mobile money transfer and other financial services to users.

View full post on cellphone security – Yahoo! News Search Results

On the Success of Malware

There’s often a lot of discussion about whether a piece of malware is advanced or not. To a large extent these discussions can be categorized as academic nitpicking because, at the end of the day, the malware’s sophistication only needs to be at the level for which it is required to perform — no more, no less. Perhaps the “advanced” malware label should more precisely be reattributed as “feature rich” instead.

Regardless of whether a piece of malware is designated advanced or run-of-the-mill, and despite all those layers of defense that users have been instructed to employ and keep up to date, even that ever-so-boring piece of yesteryear malware still manages to steal its victims’ banking information.

How is that possible?

I could get all technical and discuss factors such as polymorphism and armoring techniques, but the real answer as to why the malware manages to slip by all those defenses is because the bad guys behind the attack tested it prior to release and verified that it was already “undetectable” before it was shipped down to the victim’s computer. Those host-based defenses had no chance.

It’s worthwhile noting that generating “unique” malware is trivial. Armed with a stock-standard off-the-shelf DIY construction kit, it is possible to manually generate several hundred unique variants per hour. If the cyber-crook is halfway proficient with scripting, they can generate a few thousand variants per hour. Now, if they were serious and stripped back the DIY kit and used something more than a $200 notebook, they could generate millions of unique variants per day. It sort of makes all those threat reports by anti-virus vendors that count the number of new malware detected each month or year rather moot. Any cyber-criminal willing to do so could effectively choose what the global number of new malware will be and simply make enough variants to reach that target. I wonder if any online betting agencies will offer worthwhile odds on a particular number being achieved. It may be worth the effort.

Armed with a bag of freshly minted malware, the cybercriminal then proceeds to test each sample against the protection products they’re likely to encounter on potential victims’ computers — throwing out any samples that get flagged as malware by the anti-virus products.

Using a popular malware DIY construction kit like Zeus (retailing for $4,000, or free as a pirated version via Torrent download networks), the probability of any sample being detected even at this early testing stage tends to be less than 10 percent. If the cybercriminal chooses to also employ a malware armoring tool, that average detection rate will likely drop to 2 percent or less.

Obviously this kind of testing or, more precisely, Quality Assurance (QA) is a potentially costly and time-consuming exercise. Never fear though, there are a lot of entrepreneurs only too happy to support the cybercriminal ecosystem and offer this kind of testing as a commercial service.

Today there are literally dozens of online portals designed to automatically test new malware samples against the 40+ different commercially-available desktop anti-virus and protection suites — providing detailed reports of their detection status. For as little as $20 per month cybercriminals can upload batches of up to 10,000 new malware samples for automated testing, with the expectation that they’ll receive a thoroughly vetted batch of malware in return. These “undetectable” malware samples are guaranteed to evade those commercial protection products. As a premium subscription service model, for $50 per month, many QA providers will automatically fix any of the malware samples that were (unfortunately) detected and similarly guarantee their undetectability.

Armed with a batch of a few thousand fully-guaranteed malware samples that are destined to be deployed against their victims in a one-of-a-kind personalized manner, it should be of little surprise to anyone precisely why run-of-the-mill or feature-rich malware manages to infect and defraud their victims so easily.

By Gunter Ollmann, VP of Research at Damballa.

Related topics: Cybercrime, Malware, Security

View full post on National Cyber Security » Virus/Malware/Worms
