Cybercrime Techniques
Generally speaking, today's cybercriminals have to master two different
techniques to achieve the desired end result: delivery and deployment.
Delivery
The first step in any cybercrime is delivering and installing the malware.
Cybercriminals use a number of techniques to accomplish this goal. Today's
leading malware transmission techniques (also called "infection vectors") are
spam mailings and infected websites. The ideal setup for criminals is a
vulnerable victim machine that allows malware to be installed immediately,
whether it is delivered by spam or by a "drive-by" scenario, where malware is
downloaded from a website that the victim visited while surfing.
Deployment
Once the malware is delivered, the criminals strive for it to remain undetected
for as long as possible. Malware writers use a number of technical strategies to
maximize the lifespan of each piece of malware.
As a primary strategy, the malware writers depend on stealth not only for
delivery, but also for survival. The less visible their malware is to antivirus
early-warning radar systems and law enforcement agencies, the longer the
malware can be used to provide access to infected machines and to harvest
data. Common stealth techniques include rootkit technologies, suppression of
system error messages, concealed increases in file size, many and varied
packers, and suppression of antivirus warning messages.
Malware authors are also relying heavily on obfuscation techniques to avoid
detection. Polymorphism is an obfuscation technique that was popular in the
1990s and then virtually disappeared. Today, malware writers have returned
to polymorphism, but rarely do they attempt to morph code on victim
machines. Instead, there is a distinct trend towards server-side polymorphism:
the re-compiling of code on web servers with varying "do-nothing instructions",
so that each download differs byte-for-byte even though its behaviour is unchanged.
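To show why varying do-nothing instructions defeat a plain hash signature, and one normalization a defender can apply before hashing, here is an added example (not code from the original article or from Kaspersky Lab). The samples are constructed toy byte strings, and the single-byte x86 NOP (0x90) stands in for the filler.

```python
"""Why server-side polymorphism beats plain hash signatures, and how
normalizing away filler restores a match. Samples are constructed."""
import hashlib

# Constructed assumption: the polymorphic server only sprinkles in the
# single-byte x86 NOP (0x90). Real filler is often multi-byte, so a
# production normalizer would need a disassembler, not a byte filter.
DO_NOTHING = {0x90}


def raw_hash(sample: bytes) -> str:
    """SHA-256 of the bytes exactly as delivered (a naive signature key)."""
    return hashlib.sha256(sample).hexdigest()


def normalize(sample: bytes) -> bytes:
    """Strip the do-nothing filler so every variant collapses to its core."""
    return bytes(b for b in sample if b not in DO_NOTHING)


def normalized_hash(sample: bytes) -> str:
    """SHA-256 of the normalized core; stable across filler variants."""
    return hashlib.sha256(normalize(sample)).hexdigest()


def same_family(a: bytes, b: bytes) -> bool:
    """True when two downloads share the same core once filler is removed."""
    return normalized_hash(a) == normalized_hash(b)


# Constructed "downloads": one core payload with filler inserted at
# different offsets, as two visits to a polymorphic server would see.
CORE = b"\x55\x89\xe5\x83\xec\x10\xc9\xc3"
VARIANT_A = b"\x55\x90\x89\xe5\x83\xec\x90\x90\x10\xc9\xc3"
VARIANT_B = b"\x90\x55\x89\xe5\x90\x83\xec\x10\xc9\x90\xc3"

if __name__ == "__main__":
    # Raw hashes differ, so a per-sample hash blocklist misses VARIANT_B
    # even after VARIANT_A has been catalogued; the normalized hash matches.
    print("raw hashes differ:", raw_hash(VARIANT_A) != raw_hash(VARIANT_B))
    print("same family after normalization:", same_family(VARIANT_A, VARIANT_B))
```

Byte-level stripping is only an illustration: it also removes 0x90 bytes that belong to data, so a real detector normalizes at the instruction level or matches on behaviour rather than on the delivered bytes.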
©2008, Kaspersky Lab, Inc. All rights reserved.