Yet more proof, if any were needed, of the firmly established underground criminal economy in the form of Scanning-as-a-Service.

 

Illicit competition for Virustotal has appeared in the form of a Russian website offering automated malware scanning-as-a-service, helping criminals keep their malware under the radar of pattern-based detection.

 

Virustotal is an award-winning, entirely legitimate service that allows users to upload files and scan them against all the major security vendors' up-to-date products, free of charge. Because the service is above board, though, it works with those same security vendors to ensure that samples of malicious files reach the security industry and improve detection rates. Clearly this is Not A Good Thing™ for the criminals who are constantly trying to create new malware that remains undetected.

 

Cue “The Anti Virustotal”. I won’t share the URL here, because I don’t want to advertise their services. This Russian site is currently advertising its newly launched service on underground forums. They offer scanning against 18 well-known AV products that are “updated every day”; files can be uploaded directly or pulled from a URL, and the scanning process can be scheduled to run every 1, 6, 12 or 24 hours. Subscribers receive detection status reports over Jabber or ICQ, the implication being that as soon as their junk begins to be detected they can re-engineer it to continue to evade the scanners. The service is a commercial offering and its pricing structure is designed to encourage repeated large-scale use.

Screen grab from the Russian Scanning site showing prices

 

A recent addition to that paid offering is a free service (as long as you don’t have a zero account balance) checking against the Malware Hash Registry operated by the respected Team Cymru. I can only assume they offer this as a free service because they didn’t want to do anything illegal like violate Team Cymru’s licensing; after all, the Russian site describes itself as a “Trusted vendor of AV service checking”. Yes, of course they are…


This entry was posted on Tuesday, 20. October 2009 and is filed under "malware, Underground Economy".

3 Comments to "More cybercrime as a service."

Tweets that mention More cybercrime as a service. » Countermeasures -- Topsy.com:
Tuesday, 20. October 2009 at 5:54 pm

[...] This post was mentioned on Twitter by Rik Ferguson and Edu Godinho, Trend Micro Brasil. Trend Micro Brasil said: Yet another evolution of threats, now as a service!! MAAS – Malware as a Service: http://migre.me/9vNX [...]

Teksquisite:
Tuesday, 20. October 2009 at 6:12 pm

Good find Rik! Thanks for all the great security research that you do :)

Cheerios,
one-off, security terrior here!

Julio Canto:
Wednesday, 21. October 2009 at 8:08 am

Yes, I think I’ve seen at least two of these services working out there, but I guess most of these guys prefer using ‘self-contained’ kits that already exist and that they can install on their own computers, which basically do the same thing but locally. After all, it is a matter of trust (or lack of).

