Researchers Claim Malware Rises Modern Equivalent To 'Troops On The Border'

Aug 13, 2014

In terms of usefulness, we typically think of malware as somewhere between a volcano eruption and the ebola virus - but researchers from security firm FireEye have developed a technique by which the spread of malware could predict upcoming world conflicts.

According to researchers who monitored millions of malware messages sent over the past 18 months, the amount of communications sent by malware programs spiked dramatically in the lead-up to the conflict between Russia and Ukraine over the future of Crimea.

A similar spike was seen in malware attacking Israel in the days before its recent hostilities with Hamas in Gaza, the team reports.

The FireEye study drew on data collected from more than 5,000 corporate and government clients around the world. The software used by the researchers captures so-called "callback" messages that malware sends once it's ensconced inside a network — these messages, in which the malware "phones home" are usually either reporting its status to its controllers or picking up new commands. FireEye used those messages to determine the location of the computer controlling the malware.

Even though malware writers often disguise their location by routing callback messages through different locations, this isn't always the case – so over large enough data sets, accurate patterns emerge.

Digital Equivalent Of 'Troops On The Border'

One of the more interesting findings of the study was that much of the Israeli malware that phoned home was installed on computers in the United States and Canada.

"You have an indication that maybe Israeli national security organizations are leveraging infrastructure in Canada and the US," said Kenneth Geers, who worked on the project.

"In the run-up to the Crimea crisis, you saw a rise of malware callbacks in both Russia and Ukraine," he added.

Many countries are now using malware to both gather intelligence and actively attack targets in hostile countries, says the firm.

"If the U.S., or Korea, or Japan was about to go to war, you would see a bump in callbacks—it's just part and parcel of today's national security undertakings," Geers said.

"We can see the digital equivalent of troops on the border," Kevin Thompson, a threat analyst for the company, told the press.

"But we'd like to look back at a whole year of data and try to correlate with all the world events in the same period."

Author: Paul Cooper
View the original article here.
Published under license from ITProPortal.com

Comment