Secplicity - Security Simplified

Powered by WatchGuard Technologies

What’s Old Is New Again: Why Hackers Reuse Malware

November 20, 2017 By The Editor


The dramatic increase in malware over the last five years might lead people to believe the Internet is being flooded with brand-new malware. The reality couldn’t be further from the truth. Yes, there’s a ton of malware out there, but most of it is a Frankenstein version: chunks of code pieced together from existing malware, publicly released vulnerabilities, and off-the-shelf tools. Marc Laliberte, one of WatchGuard’s threat analysts, recently wrote a column for Help Net Security explaining why hackers are so keen to recycle malware.

In short, he explains that hackers reuse malware code because it saves time and lets them focus on other ways to improve their malware, such as code obfuscation and detection evasion. Hackers also reuse many attack methods, like spear-phishing and malicious macros, simply because they remain effective. And there are many examples of prominent malware families that are recycled from, or based on, earlier strains. For example, here’s an excerpt from Marc’s article where he discusses the Reaper botnet:

(Reaper) borrows basic code from the incredibly effective Mirai botnet. The author of Reaper appears to have used Mirai as a platform, on which they built much more effective methods for both exploitation and launching attacks. Reaper’s additions to the Mirai source code include active exploitation of known IoT vulnerabilities and the use of the LUA programming language, allowing more sophisticated attacks than simple DDoS.

Hackers will also incorporate exploit code into their malware when it’s made public. Some of the exploits from the NSA dumps, carried out by the self-styled hacking group Shadow Brokers, were used in the NotPetya and WannaCry ransomworms less than a month later. Hackers also regularly use publicly released code intended for the security research community (such as the EDA2 and Hidden-Tear ransomware) and security pen testing tools like Mimikatz and Metasploit.

Want to learn more about malware reuse? Read Marc’s complete article on Help Net Security, or learn more from this other recent Secplicity post.

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use