forensics analysis of a botnet comprised of SpyEye and Carberp malware performed behavior profiling of it’s ‘slaved computers’ for an average time of 8 months.

In a new investigative report from Daily Safety Check ™, the average time before ‘activation’ of malware before committing cyber crimes – such as bank transfers, fraud and information theft – is 8 months.

A recent forensics analysis by Daily Safety Check ™ of a major botnet shows how current cyber-crime botnets place value on collect information using long-term surveillance before committing financial fraud and theft, contrary to the ‘quick smash and grab’ crimes that are commonly focused on by the computer security industry.

Criminals use basic law enforcement technique to watch computers and build a behavior and information profile on their users. “In this case, it’s not a numbers game,” says Jim McKenney, the computer forensics expert who did the analysis, “large malware infection rates look fantastic and garner headlines, but the projected size of botnets and their infection in the consumer computer ecosystem does not accurately capture the threat. This investigation reveals that building in-depth profiles has led to less attention and a higher value payout per event.”

The computer forensics analysis of a botnet comprised of SpyEye and Carberp malware performed behavior profiling of it’s ‘slaved computers’ for an average time of 8 months. During the eight months linkage analysis was used on people who used the infected computer, rated values assigned to activities with higher value activities classified as either One-Time-Event” (OTE) or “Modus Operandi” (MO), a complete profile generated and a confidence value assigned based on potential “crime signatures” established.

Higher values were assigned to people with strong serial relationships with their computers and online resources, as opposed to those who infrequently used them, or consistently repeated the same activities over time. “A strong serial relationship”, McKenney says, “is one where a person’s behavior is expressed with technology, not only day-to-day activities performed such as emailing friends or checking an account balance, but fantasies expressed – like that $3000 HD 3D TV sitting in my Amazon Wish List, or my travel alerts for St. Thomas.

The current security culture tends to focus on “one off” crimes of opportunity such on stealing Facebook credentials, making money transfers or stealing debit/credit card information as the threat. It also consistently tells us that the future will be better; that security and application vendors are getting better at correcting problems and fixing security issues; that over time security vendors will get better at protecting computer owners.

The Daily Safety Check ™, investigative report says otherwise. In fact, it provides evidence that once a computer is “owned” by a botnet, future anti-virus “updates” system and application patches and fixes do not provide substantial benefits to a consumer. In fact they often give the owner a false sense of security, leading to a higher compromise rate.

“Emphasis is the current computer security market is on preventing an intrusion,” says McKenney, “but there is little that users can do once their infected, unless they are monitoring for cyber-attacks.” Daily Safety Check ™, provides daily monitoring and real time updates of threats against cyber attacks, and alerts network administrators of weaknesses in user security.

For more information contact Jim McKenney, MBA, CISA, CISM, GSNA, GPEN at info(at)dailysafetycheck(dot)com.

###