Cyber-criminals are starting to resemble the legitimate software industry to such an extent that they even pre-test malware applications for effectiveness before rolling them out.
That is according to PandaLabs, which has found forums on which criminals hook up with one another to push ahead with development of applications which can be used to test their creations against known security products.
In a blog, the company analyses several of the malware-testing applications it has found to be in use recently, including the particularly effective KIMS, Scanlix, and Multi-AVs Fixer. Either tool can tell a malware author whether their application would be detected by one or more of a large range of anti-virus products.
The main disadvantage of these is that they require a full copy of the security programs to be present locally, an onerous task given that this means having 15 or more programs installed at any one time in order to cover the field.
Trialling a malevolent application against security products is useful for any malware author, mainly because even quite crude applications have to attempt to disable security to have any chance of working. But carrying out testing application-by-application is bound to be hugely time-consuming.
“Even if their creations were detected by one or two companies, they could still launch them, as they would affect all users with different security technologies,” said PandaLabs’ Luis Corrons.
“The tool [KIMS] is very similar to Hispasec’s legitimate Virus Total tool [a legitimate malware testing tool]. In fact, the increasing interest in these new tools coincides with the removal of the “do not distribute the sample” option in ‘Virus Total,’ which allowed files to be scanned without sending the sample to security companies,” said Luis Corrons.