Tuesday, October 16, 2007

MPack and IcePack Localized to Chinese

It is logical to consider the possibility that once a malware author starts evaluating the benefits of releasing malware in open source form, malware exploitation kits can also build communities around them. Since August 2007, Chinese hacking groups have been free to enjoy "the benefits" of IcePack's and MPack's malicious economies-of-scale attack approach, combined with a brain-damagingly simple Keep It Simple Stupid exploitation tactic: serving exploit URLs that get automatically embedded via a web application bug, or via an automated remote file inclusion attack on a web site.

Let's once again emphasize the research question of whether such malware kits and tools wouldn't have a higher value if kept private, and why someone would release them in the wild. A couple of months ago, the tools themselves were used as a bargaining chip for improving the UVP (unique value proposition) on a large scale; that was of course until they became a commodity. From my perspective, all warfare is based on deception, especially infowar. Namely, if the idea of embedding an exploit-serving URL at a popular site in order to infect all of its visitors becomes a commodity as an attack tactic, in the end it will be the ones whose fast-fluxing, JavaScript obfuscation, and timely crypting and rotating of the malware binary put them in a market leader position, while the new entrants, the ones cheering about having access to such tools, will make the headlines, like the default malware kit installation wannabes they are.

Ensuring that the market segment for malware in this case has many participants, and is not concentrated in and operated by a few over-performing groups, is highly beneficial from the perspective of the most skilled and advanced groups, which continue their operations amid the noise generated by the rest of the market challengers. Now Playing in Cyberspace - "The Revenge of the Chinese Script Kiddies".

Fast Fluxing Yet Another Pharmacy Scam

Spam and phishing are indeed starting to operate behind the curtains of a fast-flux network of constantly changing IPs of malware-infected PCs, which end up hosting the scam and phishing pages themselves for a certain period of time. And I'm certain that's a trend and not a fad, given the potential for increasing the average time a phishing or scam site remains online, and even the inability to prove that a certain IP was hosting it at a given period.

Take for instance the latest Canadian Pharmacy spam campaign, where in between the fast-flux they didn't even bother to register and use a legitimate SSL certificate, one of the few visual proofs for the average end user that a certain degree of security is ensured; yet, in order to establish more trust, dead-link logos such as "Verified by Visa", "Secured by GeoTrust", "ScanAlert - Hacker Safe", and "Verisign" are included on the order processing page. To me, that's a typical Rock Phish mentality: efficiency over quality of the phishing/scam campaign. The whole Canadian Pharmacy spam campaign is run behind an affiliate program that forwards the responsibility for promotion (spamming) and fast-fluxing to the participants.
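The fast-flux pattern described above (many infected hosts across many networks rotating behind one domain with short TTLs) is exactly what a resolver log exposes to a defender. The following is an added example, not code from this post, that scores constructed DNS resolution records per domain; the hostnames, addresses, the /16 prefix as a stand-in for network diversity, and the thresholds are all assumptions for illustration.

```python
"""Fast-flux indicator scoring over DNS resolution records (added example)."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample resolver log: (queried domain, answer TTL in seconds, answer IP).
# Names and addresses are placeholders; the first domain mimics a fluxed scam host,
# the second a static site, the third a low-TTL but single-network CDN-style host.
SAMPLE_RESOLUTIONS = [
    ("pharmacy-example.test", 300, "198.51.100.7"),
    ("pharmacy-example.test", 300, "203.0.113.45"),
    ("pharmacy-example.test", 180, "192.0.2.200"),
    ("pharmacy-example.test", 240, "198.51.100.99"),
    ("pharmacy-example.test", 300, "203.0.113.12"),
    ("pharmacy-example.test", 120, "192.0.2.33"),
    ("static-site.test", 86400, "198.51.100.10"),
    ("static-site.test", 86400, "198.51.100.10"),
    ("cdn-like.test", 60, "192.0.2.10"),
    ("cdn-like.test", 60, "192.0.2.11"),
    ("cdn-like.test", 60, "192.0.2.12"),
]


def prefix16(ip):
    """First two octets of an IPv4 address. Assumption: with no ASN data at hand,
    distinct /16s roughly approximate distinct access networks (home broadband pools)."""
    octets = str(ip_address(ip)).split(".")
    return ".".join(octets[:2])


def flux_profile(records):
    """Aggregate per-domain statistics: distinct IPs, distinct /16s, minimum TTL seen."""
    ips = defaultdict(set)
    nets = defaultdict(set)
    min_ttl = {}
    for domain, ttl, ip in records:
        ips[domain].add(ip)
        nets[domain].add(prefix16(ip))
        min_ttl[domain] = min(ttl, min_ttl.get(domain, ttl))
    return {
        d: {"ips": len(ips[d]), "nets": len(nets[d]), "min_ttl": min_ttl[d]}
        for d in ips
    }


def flux_score(profile):
    """Three independent indicators: short TTL, many answers, many networks.
    Thresholds are assumptions chosen for the sample, not published values."""
    score = 0
    if profile["min_ttl"] <= 300:
        score += 1
    if profile["ips"] >= 5:
        score += 1
    if profile["nets"] >= 3:
        score += 1
    return score


def suspected_fast_flux(records, threshold=3):
    """Return the domains whose profile meets every indicator."""
    profiles = flux_profile(records)
    return sorted(d for d, p in profiles.items() if flux_score(p) >= threshold)


if __name__ == "__main__":
    for domain, profile in flux_profile(SAMPLE_RESOLUTIONS).items():
        print(domain, profile, "score", flux_score(profile))
    print("suspected fast-flux:", suspected_fast_flux(SAMPLE_RESOLUTIONS))
```

A short TTL on its own proves nothing, since content delivery networks use exactly that; the cdn-like sample scores only one point because all of its answers sit in one network. Network diversity across consumer address space, combined with churn, is what separates an infected-PC flux network from legitimate load balancing.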

DIY German Malware Dropper

Yet another publicly available DIY malware dropper, this time courtesy of German rather than Russian malware crews, whose releases on the other hand are starting to live in a "high profit margins only" product/service business model, thus introducing proprietary malware tools like the ones I've discussed in a previous post. Why would a malware crew member release such a tool for free? Respect, ego, a quota of released tools to meet in order to remain inside the team? Could be, but on several occasions such freely available tools get backdoored too, just like the source code for popular malware kits.

You often hear that anti-virus software is dead, that vendors end their quarters with meaningless percentage increases in every malware segment, meaningless with respect to the DIY trend. The idea has its pros and cons, no doubt about it; however, it should orbit around different research questions such as:

- which AVs are more ineffective: the ones which are not running, because the process list of each and every anti-virus product is now easily integrated within each and every malware dropper and malware tool in the wild?

- or the ones whose often static online update locations get blocked by malware in order to prevent the detection supposedly coming in the next signature update?
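The second question points at a check any defender can run: a dropper that blocks a vendor's static update location typically does so by appending hosts-file entries that divert the update hostname to loopback or an unroutable address. The following is an added example, not code from this post, that parses a constructed hosts file against a constructed watchlist of update hostnames; the vendor names, hostnames and the hosts-file content are all placeholders.

```python
"""Detect hosts-file entries that sinkhole security-vendor update domains (added example)."""
import ipaddress

# Constructed watchlist of update hostnames a defender would monitor.
# Placeholder names, not real vendor hosts.
WATCHLIST = {
    "update.av-vendor-a.example",
    "liveupdate.av-vendor-b.example",
}

# Constructed hosts file content, as a dropper might leave it behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor-a.example
0.0.0.0         liveupdate.av-vendor-b.example   # added by installer
192.0.2.5       intranet.example
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and blanks.
    One address line may map several hostnames, so each name is yielded separately."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def is_sinkhole_ip(ip):
    """Loopback and the unspecified address are the classic diversion targets."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def find_blocked_updates(hosts_text, watchlist=WATCHLIST):
    """Return (hostname, ip, is_sinkhole) for every watched hostname the hosts file
    pins. Any pin at all is worth a look: a legitimate configuration has no reason
    to hard-code a vendor's update host, whatever address it points to."""
    hits = []
    for ip, name in parse_hosts(hosts_text):
        if name in watchlist:
            hits.append((name, ip, is_sinkhole_ip(ip)))
    return sorted(hits)


if __name__ == "__main__":
    for name, ip, sinkholed in find_blocked_updates(SAMPLE_HOSTS):
        flag = "SINKHOLED" if sinkholed else "redirected"
        print(f"{flag}: {name} -> {ip}")
```

The same parser runs unchanged over the real file (the Windows path is under the system directory's drivers\etc folder; on Unix it is /etc/hosts), and the watchlist is the only part that needs tailoring to the products actually deployed.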

Here are related overviews of malware tools.