ZDNet: Why malware authors don't need to try

/Home/Internet Security: Articles/Internet Security: ZDNet/ZDNet: 2012

We often assume that malware writers are the sort of evil geniuses who work tirelessly to exploit unheard-of or secretly hidden backdoors in order to make a quick dollar or use your computer's resources for their own means. But recently, it feels like they haven't even been trying that hard.

By Michael Lee
April 18, 2012

On the back of Flashback, we saw another piece of malware, SabPab, that exploited the same Java vulnerability. Then, it wasn't long before a variant of SabPab was released, and Intego noted that SabPab's authors had begun to use Word documents to deliver their payloads. Strangely, the Word vulnerability that it used to spread itself was patched in 2009.

Although Kaspersky considers SabPab to be an advanced persistent threat, which usually indicates a high-level über hacker, I'm more inclined to see it as the work of someone who is relying on their victims being clueless about security. Why? Well, other than the ability to humiliate your victims for falling for such an old vulnerability, why would you pick one that is expected to have been patched?

I think the answer is that the authors are banking on users not bothering to patch, even though it's expected of them.

Click the URL above to read the full article