Simple Malware Makes the Rounds
Malware creators are devising increasingly sophisticated ways of compromising their targets, as illustrated by the devilishly clever Stuxnet worm, which has been wreaking havoc in Iran's nuclear facilities over the past few months.
But malware doesn't have to be complex, as victims of the recent spate of "boy in the browser" (BitB) attacks have discovered. Dubbed BitB attacks because they are far less sophisticated and mature than full-blown "man in the browser" (MitB) Trojans, they work using the old trick of modifying the victim machine's hosts file, which the operating system consults before it ever asks a DNS server. Adding a single line to this file can reroute traffic for a specific Web address – usually a bank – to a replica site hosted on a machine controlled by the malware author, with no change to the browser itself. "BitB is suitable for a quick, low cost sting operation while MitB is suitable for long lasting complex and high budget operations," says Rob Rachwald, a director at security outfit Imperva.
For hackers, the beauty of BitB attacks is that they are simple to write – no complex hooking or device driver code is required – and they can easily be modified to avoid anti-virus signatures. The BitB malware can also delete itself after modifying the hosts file, so it can't be detected later by a virus scan with a matching signature. Once gone, the surest way to tell that the malware has visited a machine is to examine its hosts file: on most systems it should contain nothing beyond comments and loopback entries such as 127.0.0.1 localhost, but if it includes the domain name of a bank, preceded by an IP address in somewhere like Russia, China or Romania, then it's a safe bet that you've had a visit from a malicious young man.
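The hosts-file check described above can be automated. The following Python script is an added example written for this article, not code from Imperva or from any BitB sample: it parses a hosts file, ignores the loopback, unspecified, link-local and multicast entries a stock file legitimately contains, and flags any other mapping, raising the severity when the hijacked name matches a watchlist of domains you care about (your bank's, for instance). The embedded sample hosts file, the bank domain examplebank.example and the documentation-range address 203.0.113.45 are constructed for the demonstration.

```python
import ipaddress
import os
import sys

# Constructed sample hosts file. The first lines are what a clean Windows or
# Linux hosts file normally contains (including a 0.0.0.0 ad-blocking entry);
# the final line is the kind of entry a BitB dropper adds. The domain and the
# address are placeholders, not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
::1             localhost
ff02::1         ip6-allnodes
0.0.0.0         ads.tracker.example
203.0.113.45    online.examplebank.example www.examplebank.example
"""


def hosts_path():
    """Location of the live hosts file on this platform."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Return (line_no, address, [hostnames]) for every active mapping line.

    Comments (everything after '#') and blank lines are skipped, as the
    resolver skips them, so a hijack hidden after a long run of comments is
    still found.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # address with no names: inert, nothing to resolve
        entries.append((line_no, parts[0], parts[1:]))
    return entries


def is_benign_address(address):
    """True for addresses a stock hosts file maps names to.

    Loopback (127.0.0.1, ::1), unspecified (0.0.0.0, used by ad-blocking
    lists), link-local and the ff02:: multicast entries Debian ships are all
    expected. Anything routable is not something a clean file needs.
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not a valid address at all; worth a look
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local or ip.is_multicast


def find_suspicious_entries(text, watchlist=()):
    """Flag every mapping to a non-benign address.

    Names equal to, or subdomains of, a watchlist entry (e.g. your bank's
    domain) are reported as high severity; other redirections as medium.
    """
    findings = []
    for line_no, address, names in parse_hosts(text):
        if is_benign_address(address):
            continue
        watched = [n for n in names
                   if any(n == w or n.endswith("." + w) for w in watchlist)]
        findings.append({
            "line": line_no,
            "ip": address,
            "names": names,
            "watched": watched,
            "severity": "high" if watched else "medium",
        })
    return findings


if __name__ == "__main__":
    # Run against the real file when asked, otherwise against the sample.
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for f in find_suspicious_entries(text, watchlist=("examplebank.example",)):
        print(f"[{f['severity']}] line {f['line']}: {f['ip']} -> {' '.join(f['names'])}")
```

Run it with --live to inspect the machine you are sitting at; on Windows the file is usually only writable by administrators, so a modified copy also tells you the dropper ran with elevated rights. The watchlist is deliberately a parameter: a redirection to a private or foreign address is suspicious for any name, but one for a banking domain is exactly the BitB pattern the article describes.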