
A Look at the Ten Largest Malware Delivery Networks

Just like any business, cybercriminals need to be ready to respond to incidents and events that can be beneficial to their operations. For cybercriminals using malware as their tool of choice, ongoing delivery and spreading of that malicious software is critical to a successful and profitable business. Malware delivery networks are a key component of cybercriminal success, and a key component in the malware supply chain.

Malware delivery networks are typically hosted across multiple sites to help evade detection by reputation analysis, and are responsible for launching dynamic attacks on unsuspecting users, often on trusted and reputable sites.

Managing the infrastructure of a malware delivery network takes time and effort, because the operators need to be ready for a news break or celebrity event that catches the public's attention. Using such an event as a lure requires a network that is already in place and ready to attack curious Web users searching for information on the trending topic.

In its recently released 2011 Mid-Year Web Security Report, Blue Coat Systems highlighted the 10 largest malware delivery networks. These ten networks are just a fraction of the nearly 400 unique malware delivery networks tracked by Blue Coat Security Labs during the first half of this year.

Top Malware Delivery Networks

According to Blue Coat, “Shnakule” was the leading malware delivery network, both by size and by effectiveness, in the first half of 2011. On average during that period, Shnakule had 2,000 unique host names per day, with a peak of more than 4,300 per day. It also proved the most effective at luring users in, with an average of more than 21,000 requests per day and as many as 51,000 requests in a single day. Shnakule is a broad-based malware delivery network whose malicious activities include drive-by downloads, fake anti-virus and codecs, fake Flash and Firefox updates, fake warez, and botnet command and control. Interrelated activities include pornography, gambling, pharmaceuticals, link farming, and work-at-home scams.

Not only is Shnakule far reaching as a standalone malware delivery network, it also contains many large component malware delivery networks. Ishabor, Kulerib, Rabricote and Albircpana, which all appear on the top 10 list of largest malware delivery networks, are actually components of Shnakule and extend its malicious activities to gambling-themed malware and suspicious link farming.

How does malware spread? From what Blue Coat observed in the first half of 2011, search engine poisoning was the most popular malware vector. Search engines and portals were the entry point into malware delivery networks for nearly 40 percent of all malware incidents during the period.
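The two ideas above, that a delivery network is a cluster of many throwaway hostnames funnelling into the same payload host (which is why reputation scoring of any single hostname is weak), and that the report measures such networks by unique hostnames per day, requests per day and the share of entries arriving from search engines, can be reproduced over proxy logs. The following is an added example written for this article, not code from the report or from Blue Coat: it groups hostnames into networks by following HTTP redirect chains to their terminal host, then computes the article's metrics per network. The log lines, hostnames (all under `.example`) and the `SEARCH_ENGINES` list are constructed for the example.

```python
"""Cluster proxy-log hostnames into malware delivery networks by their
shared terminal (payload) host, then compute per-network metrics:
unique hostnames per day, requests per day, and the share of entry
requests whose referer is a search engine.
All log data below is constructed sample data, not data from the report."""
from collections import defaultdict
from urllib.parse import urlparse

# Assumed list of search-engine hosts used to classify entry referers.
SEARCH_ENGINES = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Constructed proxy log. Fields: date, client, referer, requested URL,
# HTTP status, Location header ("-" when the response is not a redirect).
SAMPLE_LOG = """\
2011-03-01 10.0.0.5 http://www.google.com/search?q=celebrity+news http://news-flash-update.example/play 302 http://cdn-codec1.example/get
2011-03-01 10.0.0.5 - http://cdn-codec1.example/get 302 http://payload-a.example/setup.exe
2011-03-01 10.0.0.5 - http://payload-a.example/setup.exe 200 -
2011-03-01 10.0.0.9 http://www.bing.com/search?q=free+movie http://hd-flash-player.example/x 302 http://payload-a.example/setup.exe
2011-03-01 10.0.0.9 - http://payload-a.example/setup.exe 200 -
2011-03-02 10.0.0.7 http://www.example-blog.example/post http://win-av-scan.example/scan 302 http://payload-b.example/av.exe
2011-03-02 10.0.0.7 - http://payload-b.example/av.exe 200 -
2011-03-02 10.0.0.3 http://search.yahoo.com/search?p=trending http://news-flash-update.example/play 302 http://cdn-codec1.example/get
2011-03-02 10.0.0.3 - http://cdn-codec1.example/get 302 http://payload-a.example/setup.exe
2011-03-02 10.0.0.3 - http://payload-a.example/setup.exe 200 -
"""


def host_of(url):
    return urlparse(url).hostname or ""


def parse_log(text):
    """Parse the whitespace-separated constructed log format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, client, referer, url, status, location = line.split()
        records.append({
            "date": date, "client": client,
            "referer": None if referer == "-" else referer,
            "url": url, "status": int(status),
            "location": None if location == "-" else location,
        })
    return records


def build_redirect_map(records):
    """Map each redirecting host to the host it sends the browser to."""
    nxt = {}
    for r in records:
        if 300 <= r["status"] < 400 and r["location"]:
            nxt[host_of(r["url"])] = host_of(r["location"])
    return nxt


def terminal_host(host, nxt):
    """Follow the redirect chain to its end; the loop guard stops cycles."""
    seen = {host}
    while host in nxt and nxt[host] not in seen:
        host = nxt[host]
        seen.add(host)
    return host


def cluster_networks(records):
    """Group every hostname under the terminal host its chain lands on."""
    nxt = build_redirect_map(records)
    members = defaultdict(set)
    for r in records:
        h = host_of(r["url"])
        members[terminal_host(h, nxt)].add(h)
    return nxt, members


def network_metrics(records):
    """Per network: hosts, avg/peak hosts per day, avg/peak requests per
    day, and the fraction of external entries referred by a search engine."""
    nxt, members = cluster_networks(records)
    stats = {}
    for net, hosts in members.items():
        hosts_by_day, reqs_by_day = defaultdict(set), defaultdict(int)
        entries = search_entries = 0
        for r in records:
            h = host_of(r["url"])
            if terminal_host(h, nxt) != net:
                continue
            hosts_by_day[r["date"]].add(h)
            reqs_by_day[r["date"]] += 1
            # An entry is a request referred from outside the network itself.
            ref_host = host_of(r["referer"]) if r["referer"] else None
            if ref_host and ref_host not in hosts:
                entries += 1
                search_entries += ref_host in SEARCH_ENGINES
        days = sorted(hosts_by_day)
        stats[net] = {
            "hosts": sorted(hosts),
            "avg_hosts_per_day": sum(len(hosts_by_day[d]) for d in days) / len(days),
            "peak_hosts_per_day": max(len(hosts_by_day[d]) for d in days),
            "avg_requests_per_day": sum(reqs_by_day.values()) / len(days),
            "peak_requests_per_day": max(reqs_by_day.values()),
            "search_engine_entry_share": search_entries / entries if entries else 0.0,
        }
    return stats


def rank_networks(stats):
    """Order networks by size, as the report does (peak hostnames per day)."""
    return sorted(stats, key=lambda n: stats[n]["peak_hosts_per_day"], reverse=True)


if __name__ == "__main__":
    stats = network_metrics(parse_log(SAMPLE_LOG))
    for net in rank_networks(stats):
        print(net, stats[net])
```

On the constructed log the four lure hosts `news-flash-update`, `hd-flash-player`, `cdn-codec1` and `payload-a` collapse into a single network even though no two of them share a name, and every one of that network's external entries comes from a search-engine referer, which is the search engine poisoning pattern the report describes. Real proxy logs rarely carry the Location header, so in practice the chain is reconstructed from per-client request ordering or from URL-filtering logs that record the redirect target.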

“Web-based malware has become so dynamic that it is nearly impossible to protect every user from every new attack with traditional defenses,” said Steve Daheb, chief marketing officer and senior vice president at Blue Coat Systems.

Blue Coat’s report examines the interactions of malware ecosystems, including user behavior, malware hosting sites and delivery networks and is available in PDF format here. The data in the report comes from over 75 million users of its WebPulse collaborative cloud defense solution, which rates and analyzes nearly 3 billion real-time URL requests per week. 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
