Malware reaches new heights

Private computers around the world are being infected by malware on a daily basis. Some immediately wear a glazed expression and succumb to the will of their new master – a botnet operator. Others suffer from minor effects.

But this amusing news piece takes malware to a new height. 350 km high, to be exact.

Wired reported (http://blog.wired.com/27bstroke6/2008/08/virus-infects-s.html) that several laptops residing in the International Space Station were infected by malware that grabs passwords for some Asian online games.

Harmless as it may be, it just goes to show that very few computers on earth – er, correction – very computers, period – are immune to these sneaky little programs designed to spy on unsuspecting victims.

How the laptops were infected isn't clear – NASA claims they are not connected directly to the Internet – but as long as I'm discussing this point, let me touch the issue of infection.

For financial fraud to succeed, you need to reach to the masses. When it comes to Trojans, the best practice is to use an infection service.

In their brilliant blog piece (http://www.rsa.com/blog/blog_entry.aspx?id=1314), the RSA FraudAction Research Labs talk about the rise and fall of one particular infection service named Neosploit. Considered state-of-the-art in exploiting vulnerabilities, Neosploit was a shining star for a long while, the best friend of many fraudsters specializing in credential harvesting via Trojans, until it recently imploded.

Other infection kits and services are already taking its place. Gpack, Icepack and Firepack are some of the incumbents. Their basic function is to spread your payload – a financial Trojan – to as many computers as possible.

This is done these days primarily through planting malicious code in third party websites, and then perform 'drive by infection' – you visit the infected website, and because your own PC is not 100% protected and patched, it downloads the payload.

The price for a kit you install yourself is $100-$200. If you don't have technical expertise and would rather have a service, some helpful vendors offer a pay-by-infection scheme. If you're happy for your payload to be part of an omnibus infection, then $500 will buy you 10,000 infected machines; if you're more snobbish than that and don’t want your precious Trojan to swim around with other malware piranhas on the same PC, an exclusive payload distribution will cost about four times that price.

Going back to the original title, there's nothing new under the sun. At sea, in the air, on the ground and now also in space, malware is here to stay.