A new discovery by Eli Marcus, a researcher with RSA Research, is getting some web security professionals a little worked up. According to Marcus, he and his team have discovered a new piece of malware that has more than 25,000 lines of code. They’ve named the malicious software Pandemiya.
In many ways, Pandemiya isn’t unlike other malware. It makes use of the CreateRegistry API, infecting every new registry entry that is created thereafter. In this way, Pandemiya can set up its own sort of exception in the Windows security registry, ensuring that nothing flags it as being a foreign, hostile piece of software.
The differences between Pandemiya and the malicious software from before, however, make it a much more dangerous problem, at least potentially. First off, unlike previous malware, Pandemiya uses 25,000 lines of new code. For the most part, most malware is just a riff on earlier versions, and that makes it easy to track and kill. Pandemiya’s developer also gives its users — yes, people purposely use this — the ability to use plug-ins in concert with the software. Users can set up an FTP stealer or a PE infector. They can also set up a reverse proxy, a type of server that retrieves information from other servers, transferring it back to whomever requested the info. This could be an extremely powerful tool for stealing personal information. Luckily, Pandemiya, at least for the moment, is both relatively easy to remove and not widespread.
True Security on the Web is Increasingly Rare
Pandemiya’s existence, while troubling, can certainly not be said to be surprising. The first six months of 2014 have seen a number of web security issues brought to light. Heartbleed, a hole in the almost universally used SSL security protocol, put some of the biggest names in eCommerce, from Amazon to Paypal, at risk of being hacked. Today, according to a recent report from Business Insider, the issue still isn’t fixed, with over 300,000 servers still vulnerable.
The fact of the matter is that creating viruses and other malware that can be used to infiltrate protected systems or otherwise suck up private data is big business. Pandemiya’s developers are selling versions of the malware for up to $2000 — that’s small potatoes when you look at what can be gained from stealing corporate secrets. That’s why, as the 2013 Cost of Cyber Crime Study from Ponemon Institute shows, cyber crime is costing businesses 30% more now than it was this time last year. On average, a cyber attack will now cost a business $7.22 million for a full recovery. So long as the internet continues to evolve to be the hub for all information, it’s unlikely that these costs will dip anytime soon.
Have you ever been hit with a particularly damaging piece of malware? Share your experience with us in the comments below!