Five Places Where Malware Hides
Malware has to live somewhere. And while some Web filtering solutions can detect known malware hosts, most malware hides in sites that are otherwise benign.
As 2011 began to wind down, so, it seemed, did a lot of security-related news. Year-end reviews and new year predictions made up the bulk of news stories I came across.
Well, it hasn't taken long for things to ramp up again. And not surprisingly, one of the biggest stories to start 2012 is how the old worm Ramnit has been re-engineered to steal financial information. The real news with Ramnit, however, is that it is now attacking Facebook and has stolen the login credentials of 45,000 accounts.
Now, 45,000 Facebook accounts is a drop in the bucket when you consider how many Facebook accounts there are. And ZDNet discovered that the news might not be as bad as it seems. Much of the information gathered by Ramnit was out of date and the worm isn't propagating on Facebook.
However, perhaps we are better off scratching beneath the surface to the real concern with Ramnit's revival. As John Weinschenk, CEO at Cenzic, told me in an email:
This discovery is demonstrative of how hackers can adapt their techniques to steal data. What was once malware designed to steal data from financial institutions has evolved into a social network threat. Bank account numbers and Facebook login credentials seem very different, but to hackers, they are equally as lucrative. With Facebook credentials, hackers have the ability to propagate the malware, placing it on the Walls of thousands of people who then spread it to others. Because many people use the same username and passwords on multiple websites, there's also the added risk associated with hackers gaining additional access to other social networking websites, email accounts, and corporate networks.
Seculert was the first to announce the reinvented Ramnit, and warns that we may be seeing this type of re-engineering more often as the more sophisticated hackers are tinkering around with older malware. Rehashing something that has had proven staying power and value is a heck of a lot easier than creating something brand new, after all. We see remakes all the time in movie theaters and in music, so why not in malware?