Kaspersky Lab announces the publication of Malware Evolution: July – September 2007

30 Nov 2007
Virus News

Kaspersky Lab, a leading developer of secure content management solutions, announces the publication of Malware Evolution: July – September 2007. The authors of the article, Alexander Gostev and Vitaly Kamluk, are both virus analysts at the company.

In the quarterly report, the Kaspersky Lab analysts discuss the growing trend of new threats that, for the most part, emerge as a concentrated flow of uniform Trojan programs and whose appearance no longer arouses the mass public discussion that it once did. The lack of originality and the scale of activity, according to the analysts, point to greater professionalism among cybercriminals – attracting the attention of the press or law enforcement agencies is no longer their main aim.

However, the greed of the criminals has exposed the general public to the vagaries of malware. This was underlined by the appearance of the latest Trojan blackmailer and by Internet resources whose sites saw the simultaneous installation of multiple botnets. The situation surrounding the Storm botnet also caught the attention of the public as it exceeded 2 million infected computers, and finally there was the appearance of Trojan spyware aimed at stealing the data of users of Russian software for accessing the stock exchange system online.

The report describes in detail the work of a virus expert, using the example of the latest version of Gpcode.ai, a Trojan that encrypts user data. Those reading the report get a rare insight into the world of Russian-speaking cybercriminals and how they interact with one another.

During the investigation into Gpcode.ai, a number of interesting factors came to light. Firstly, it became clear that there was 'universal' code that was used in a range of malicious programs with differing functions. Secondly, the analysts identified new links between different families of malicious code which initially appeared to have nothing in common. Thirdly, the Russian-speaking cybercriminal community is now using a standard package consisting of two Trojans and the botnet controlled by them.

The Kaspersky Lab experts concluded that the demand for the creation and distribution of Trojans was encouraging the cybercrime industry to continue evolving.

The full report can be found at Viruslist.com.