Wednesday, July 18, 2007

A Multi Feature Malware Crypter

Compared to the malware crypters I covered in previous posts -- part of the Malicious Wild West series -- this one goes well beyond the usual file obfuscation. Although it is offered for sale and not yet in the wild, it includes anti-sandboxing and anti-virtual-machine capabilities, as malware authors have started feeling the pressure both techniques put on them when it comes to detecting their releases.

Features include :
- Add File to load on Memory
- Add File to load on Browser
- Add File to drop on Temp
- Add File to drop on System
- Add File to drop on Windows
- Process injection
- Different crypting routines on a per buyer basis
- Mega icons pack with the purchase

So let's sum up: the end user isn't bothering to update her anti-virus signatures, and even if she did, and despite a vendor's response time, the concept of zero-day malware and restarting the lifecycle of a malware release by crypting it is close to ruining the signature-based scanning approach. Still living in the suspicious-file-attachment world, the end user easily falls victim to website-embedded malware taking advantage of months-old client-side vulnerabilities in her web browser, media player and everything in between. Botnet communication platforms are maturing, not with the idea of innovating, but of diversifying the communication channels, and so are malware embedding and statistics kits. Given the number of infected PCs, OSINT through botnets is a fully sound practice, and so is corporate espionage through botnets.
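A crypter defeats a signature because the scanner is matching against the payload, and the payload is no longer visible in the file; what is visible is an encryption layer, and encrypted or compressed data has a near-uniform byte distribution. The script below is an added example, not code from the original post or from any product it mentions: it measures Shannon entropy of a buffer as a whole and per fixed-size window, so that a crypted body hidden behind a small plain loader stub still stands out. The threshold, window size and "at least half the windows" rule are assumptions to tune per environment, and all sample inputs are constructed (repeated text and seeded pseudo-random bytes), not real malware.

```python
"""Entropy heuristic for spotting crypted/packed executables.

Added example (not from the original post): scores a buffer by Shannon
entropy overall and per window. Threshold, window size and the minimum
fraction of high-entropy windows are assumptions, not values from the post.
"""
import math
import random
from collections import Counter

HIGH_ENTROPY_BITS = 7.0   # assumed threshold in bits/byte; plain native code usually sits well below
CHUNK_SIZE = 1024         # assumed window size for the per-region scan
MIN_HIGH_FRACTION = 0.5   # assumed: flag when at least half the windows are high-entropy


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each fixed-size window, so a crypted body behind a plain stub still shows."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def looks_crypted(data: bytes, threshold: float = HIGH_ENTROPY_BITS,
                  min_fraction: float = MIN_HIGH_FRACTION) -> dict:
    """Return a verdict plus the measurements it rests on."""
    per_chunk = chunk_entropies(data)
    high = sum(1 for e in per_chunk if e >= threshold)
    fraction = high / len(per_chunk) if per_chunk else 0.0
    return {
        "overall_entropy": round(shannon_entropy(data), 3),
        "chunks": len(per_chunk),
        "high_entropy_chunks": high,
        "high_fraction": round(fraction, 3),
        "crypted": fraction >= min_fraction,
    }


# --- Constructed sample inputs (not real malware) ---------------------------
# A low-entropy "stub": repeated ASCII text stands in for an unobfuscated file.
TEXT_SAMPLE = (b"This program cannot be run in DOS mode.\r\n" * 256)[:8192]

# A high-entropy "payload": seeded pseudo-random bytes stand in for an encrypted
# body; the fixed seed keeps the example reproducible.
_rng = random.Random(20070718)
RANDOM_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(8192))

# What a crypted file looks like on disk: a small plain loader stub, then the encrypted payload.
STUB_PLUS_PAYLOAD = TEXT_SAMPLE[:2048] + RANDOM_SAMPLE


if __name__ == "__main__":
    for name, sample in [("plain text", TEXT_SAMPLE),
                         ("random bytes", RANDOM_SAMPLE),
                         ("stub + payload", STUB_PLUS_PAYLOAD)]:
        print(f"{name:15s} {looks_crypted(sample)}")
```

The per-window pass is the part that matters in practice: the overall entropy of a file with a large plain stub can be dragged below the threshold, while the windows covering the encrypted body are still flagged. Entropy is only a triage signal, since legitimately compressed or signed resources score high too, so it belongs beside sandbox and behavioural checks rather than in place of them.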

Moreover, what used to be a situation where malware authors did their best to keep their releases as invisible as possible has turned into one where malware directly exploits vulnerabilities in anti-virus software to evade detection or to get rid of the anti-virus software itself. In fact, malware authors have become so efficient that vendors are coming up with very interesting monthly stats on the greediest, smallest, largest and most malicious malware.

As always, the "best" is yet to come.

Bluetooth Movement Tracking

Passing by the local Hugo Boss store, all of a sudden you receive an SMS message: "It's obvious you like our new suit collection, since that's the 5th time you've passed by our store and spent on average 15 seconds staring at it. So, why don't you come inside and take a closer look for yourself?" Spooky? For sure, but with Bluetooth movement tracking to facilitate purchases slowly emerging in the practices of evil marketers, basically generating even more touch points with the assets in their brands' portfolios, it's something to keep an eye on:

"When the project was deployed at the ZeroOne Festival in San Jose, California, the system sent attendees messages about where they had been and asked about their intentions for being there. For example, one such message read, "You were in a flower shop and spent 30 minutes in the park; are you in love?" Those contacted were eventually led to the Loca kiosk where they could obtain a log of all their activities, which sometimes reached over 100m long. It should be noted that movement was only tracked on phones with discovery mode turned on."

Marketing research and facilitating purchases aren't the only incentives for marketers, and of course for malicious attackers looking for innovative ways to socially engineer you into accepting a Bluetooth connection, or even an attachment. Measuring the ROI of advertising and sales practices that used to lack reliable metrics is becoming rather common, like for instance these Big Brother-style billboards that measure how many people actually looked at them:

"If you've ever seen a poster in the mall that you've liked and stared at it for some time, chances are that poster will be staring right back. This is, however, not so much of a "Big Brother" gimmick as much as it is a marketing tool. From xuuk, a Canadian-based company specializing in cutting-edge technology, comes the eyebox2. This contraption is essentially a tiny video camera surrounded by infrared light-emitting diodes. It can record eye contact with 15-degree accuracy at a distance of up to 33 feet, so even a simple glance from someone in passing will be tallied into the score."

I can certainly speculate that this technology will evolve to the point where it can tell whether it was a male or a female who looked at it, and if data from local stores gets syndicated to tell the system that the prospective customer took notice of the store itself, it would give marketers enough confidence to SMS you a discount offer valid only in the next couple of hours, while you're still somewhere around the store.

The convergence of surveillance technologies is a fact, and what is measuring the ROI of a marketing campaign to some is an aggressive privacy violation to others. But we've already seen the pattern of such technologies around the world: first they get legally abused, then customers suddenly turn into avid privacy activists, and later on everyone gets the option to opt in or opt out so that everyone's happy.