When authorities try to suppress malware authors, those criminals either return to the drawing board to develop a more advanced approach or just their arsenal of technology they haven't even needed to deploy yet.
This is a system that certainly favors the criminal, and security experts are finding it difficult to keep the malicious elements at bay. When it comes to attacks on enterprise security, few are as powerful or fearsome as banking incursions. Because banks are where the real money lies, they also present one of the most lucrative targets for cyberattackers. As a newly emergent strain of banking malware proves, this threat is only becoming greater.
In some ways, malware authors are like any other product developer. First, they go off and work on creating something unique, refining it until it's reached a marketable form. After that, they take it to market. The only difference is that this "market" is actually just a series of underground forums that deal in highly illegal business and are frequented by criminals. Still, malware, just as any other kind of product, is something that's for sale.
According to security expert Etay Maor, most malware on the black market sells for a few hundred dollars. Imagine Maor's surprise, then, when he was doing a little investigative work into current malware strains and discovered a product with a street value of $7,000. The name of the product is Kronos, and its steep asking price attests to its undeniable strength.
As Maor found out, Kronos has some key assets that cheaper malicious strains cannot offer. Among these are the ability to bypass antivirus software and a rootkit that allows for the suppression of competing Trojans. The image Maor paints of Kronos is that of an attacker that lays siege to its competition before draining its victims of profits. Considering that Kronos is already making the rounds on Russian underground forums, it likely won't be long before news stories start cropping up describing its impact in very real terms.
In an email to PCWorld, Dmitry Tarakanov, a senior security researcher at Kaspersky Lab, said that the relatively high asking price for Kronos is unlikely to deter prospective buyers, particularly if the strain delivers the goods as it promises.
"Professional groups can make hundreds of thousands [of dollars], so $7,000 is more than acceptable for them," he wrote.
The ultimate test of Kronos' efficacy will happen when it rises out of the shadowy forums it's lurking in and hits the mainstream. According to Tarakanov, the emergence of Kronos points on a larger scale to a strong effort among malware developers to always remain ahead of the forces that are trying to suppress them.
"Source code leakages and botnet shutdowns have been happening constantly but we see virus writers from time to time come up with new (or based on old but modified) banking malware," he said.
For all the apparent power of Kronos, it will likely not be long before something even more threatening bursts onto the scene.