Who creates malware and why?

Let us first answer the main question: who benefits from it? Why have computers, networks, and mobile phones become not only carriers of useful information, but also a “habitat” for various malicious programs? The question is not difficult to answer. All (or almost all) inventions and mass-use technologies have, sooner or later, become tools of hooligans, swindlers, blackmailers and other criminals. As soon as there is an opportunity to misuse something, somebody will find new technologies and use them not as their inventors intended, but in an altogether different way: for their own interests, or to assert themselves to the detriment of others. Unfortunately, computers, mobile phones, and computer and mobile networks have not escaped this fate. As soon as these technologies came into mass use, the bad guys stepped in. However, the criminalization of these innovations was a gradual process.

  • Computer vandalism
  • Petty theft
  • Cybercrime
  • “Grey” business

Computer vandalism

In the past, the majority of viruses and Trojans were created by students who had just mastered a programming language and wanted to try it out, but failed to find a better platform for their skills. Up to the present, the writers of such viruses have been seeking only one thing: to raise their self-esteem. Fortunately, a large part of such viruses were never distributed by their authors: they soon “died away” together with the storage disks they were kept on, or their authors sent them only to anti-virus companies, with a note that the virus would not be spread further.

The second group of virus writers also consists of young people (often students) who have not yet fully mastered the art of programming. An inferiority complex, compensated for by computer hooliganism, is the only reason prompting them to write viruses. Such “craftsmen” often produce primitive viruses with numerous mistakes (the so-called “student viruses”). Life for such virus writers has become much simpler with the development of the Internet and the emergence of numerous websites that teach how to write a computer virus. Web resources of this kind give detailed recommendations on how to intrude into a system and hide from anti-virus programs, and offer ways of distributing a virus further. Often ready-made source code is provided, which requires only minimal “author” changes and compilation as recommended.

When older and more experienced, many virus writers fall into the third and most dangerous group: those who create professional viruses and release them into the world. These elaborate and smoothly running programs are created by professionals, not infrequently very talented programmers. Such viruses often intrude into data system domains in very unusual ways, exploiting mistakes in the security systems of operating environments and using social engineering and other tricks.


Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained an Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, which we decided to call ‘Roaming Mantis’.


DDoS attacks in Q4 2017

Q4 2017 represented something of a lull: both the number and duration of DDoS attacks were down against the previous quarter. At the same time, the increase in the number of attacks on honeypot traps in the runup to holiday sales indicates that cybercriminals are keen to expand their botnets at the most opportune moment by pressuring owners of online resources and preventing them from making a profit.


IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’.


DDoS attacks in Q3 2017

In the third quarter of 2017, we registered a considerable increase in the number of both DDoS attacks and their targets. Traditionally, China is the country with the largest number of attack sources and targets. It was followed by the United States and South Korea. The popularity of Windows OS as a basis for creating a botnet has fallen noticeably, while the share of Linux-based botnets increased proportionally.