There are probably several new
malwarevariants out per hour somewhere around the world, but only a small fraction have impact.What distinguishes the truly effective malware from the great unwashed malware masses?
Here, then, are what separates them: The 7 habits of highly-effective malware, the characteristics that make malcode successful. Thanks to Julio Canto of Hispasec Sistemas Lab, operators of the invaluable VirusTotal service for helping with the list.
- Trick the user. Make them think the program is something they really want to run.
- Obscure your code. Use packers and other tricks to make the program difficult to analyze.
- Make it as light as possible in terms of size to make the moment of infection faster.
- Make it as stealthy as possible so as not to make the user suspect because 'my
computerruns slow' or 'what is this process?'
- Have as many anti-debug and anti-vm tricks as possible, to avoid today's malware analysis automations. In the end, it will be detected but many hours of not being detected means more time to spread unimpeded..
- Make it as flexible as possible. The more tasks it can do, the more profit you can get (password stealing, spam sending, ddosing, click fraud, etc). Typically, it can even be updated to do different or better tasks.
- Manage with a bullet-proof Internet infrastructure for handling the malware operation. This is important, and sadly easy. There's more than enough countries and ISPs that don't care very much about people like you and it takes ages to shut down a malware site.