know the exploit. watch the code. halt the vector.


Malware Reports

 

The malware reports cover a variety of issues and code samples. These features are the core of the infectionvectors.com research offering, providing in-depth examinations of technical issues in very readable reports.

 

Winter 2006: Beagle's Second Anniversary (PDF)

The Beagle worm, with a professional ethic to rival many legitimate software outfits, has defied the odds and remains in business after two full years. And to be sure, these aren’t two years spent on the bench, staying off the field to avoid injury. The Beagle worm and its related malware have been infecting machines, harvesting personal data, and making revenue (if not a healthy profit) for its authors. This report continues the previous research and analyzes the releases since May of 2005. Specifically, this portion of the paper focuses on release trends with the worm.

 

Fall 2005: Vector Report 2005 (PDF)

This year's Vector Report aims at the attacks over 2005, which were awfully light in terms of worm threats. The bulk of the attacks came from email-based malware, just like 2004 and just like 2006.

 

Summer 2005: Shoot the Messenger: IM Worms (PDF)

Instant Messaging (IM) has rapidly gained popularity, making it an attractive medium for malware coders. IM worms have so far been much slower to propagate and gain widespread success compared to their mass mailing cousins. Nonetheless, IM-based malware is a threat to all organizations and should be addressed by both policy and technical safeguards. IM-founded malware carries the same potential for compromising data as any other malcode (and has adopted the tactics of more successful varieties exceptionally quickly). This paper examines the development and importance of IM worms.

 

Spring 2005: The Mytob Infantry: Balancing the Malware Equation (PDF)

Every malware author has to decide what their particular marketing strategy is going to be, and this is especially true for professional coders hoping to cash in on their creation. Mytob, a combination of mass mailer MyDoom and IRC-bot SdBot, takes its own special path to that end. The worm and its overall infection strategy, not just infection vectors, are examined in this report.

 

Spring 2005: Phishing Trip Part 0: Email Crime (PDF)

A report best suited to the beginning of the series, this paper hits email-based crime in multiple forms, all of which employ social engineering to entice a user to play along with the scam. Email-borne fraud and malware distribution is one of the most common occurrences on the Internet, one that threatens e-commerce and every home web surfer with the ever-profitable business of compromising computers and stealing personal data. This paper examines the nature of email-based crime and details a few specific examples of existing threats.

 

Spring 2005: Phishing Trip Part 3: Liability (PDF)

Where does the corporate responsibility to protect consumers end? Where does it even begin? This report looks at current liability issues, the trends in phishing that shape it, and how advances in online fraud may affect Internet-based commerce.

 

Winter 2005: Year of the Beagle: Beagle History Part III (PDF)

In the last part of the Beagle History trilogy the "business of Beagle" is explored: from the spam relays through targeted attacks that attempt to lift bank account data from unknowing users. Part III begins with the development of the worm's latest iterations and then examines Beagle's widespread success and the means by which it can generate tremendous profit for its authors.

 

Winter 2005: Phishing Trip Part 2: Phishing Defense (PDF)

Every organization has a responsibility to protect users from fraud, whether it's the largest online bank or a family with a single PC. This follow-up report takes a peek at a few tools that can help defend a user against the ever-improving phishing attacks and the best tool of all: education.

 

Winter 2005: Phishing Trip Part 1: Washington Mutual (PDF)

Email fraud, aka phishing, affects nearly every Internet user. Scammers are using more and more tricks to entice victims into turning over sensitive personal data. Information is the best weapon against these criminals as the tactics and tools they use change rapidly. This report provides a framework for identifying scams by looking at examples that target Washington Mutual account holders. From here, information assurance groups (and concerned individuals) can begin educating their users.

 

Based on additional unique samples received just after publication, a special Addendum was added to the web only, as was the final chapter Back Again. Both of these entries examine unique pieces of the WaMu-based scams since the report.

 

Autumn 2004: Beagle Lessons 2 (PDF)

Submitted to the SecurityFocus.com library, the second part of the Beagle Lessons paper is now available after requests from multiple readers. This report examines the History from April 21, 2004 until August 30, 2004, an explosively successful period for the Beagle worm. Beagle continues to compromise boxes around the world, creating an ever-growing drone network at the code author's disposal. Lessons 2 looks at the impact of the Beagle worm since its creation and what may be ahead.

 

Summer 2004: Agobot and the "Kit"chen Sink (PDF)

Agobot has plagued an uncountable number of machines, turning them into just another zombie in someone's bot net. It makes a fascinating study not only because of its remarkable success and feature set, but also due to its public availability. 

 

This paper evaluates the threat of Agobot-derived variants by examining the development of the virus, the release of the source code, and a few of the specific iterations. This analysis places the Agobot code in the category of “virus kit.” From this categorization, Agobot is presented as possibly the most successful kit virus in history, not because of the sheer number of variants or hosts it has infected, but because of the adjustments in virus defense it has required.

 

Spring 2004: Beagle Lessons (PDF) 

The success of the Beagle worm is largely founded in the author's dedication to constantly improving his/her product. This detailed report examines the first three months of Beagle's development, the great success it has achieved, and what it means for Internet users and security professionals everywhere.

 

 

Copyright © 2005 infectionvectors.com. All rights reserved.