Malware Authors Learn Market Segmentation From the Best
Earthquake Retrofit writes "The Register has a rather funny story about the Zeus botnet: 'The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what's found in Microsoft Windows. ... They've also pushed out multiple flavors of the package that vary in price depending on the capabilities it offers. Just as Windows users can choose between the lower-priced Windows 7 Starter or the more costly Windows 7 Business, bot masters have multiple options for Zeus.'"
Version 1.4 (Score:5, Interesting)
I'm a little surprised Zeus is only adding dynamic executables with version 1.4. This malware kit has been around a while and software has been doing this kind of thing since the very beginning. Maybe it tells us that a lot of Zeus' victims lack any kind of working AV? Or maybe it tells us that with things like Security Essentials being free and popular they're more worried about AV as a threat to their business?
I will say that a binary that changes itself every execution becomes very hard to detect unless your software really understands how a program is running from a mechanical standpoint. Even then you could still embed a dynamically encrypted package into another process's address space and decrypt it there.
Ultimately, however, it still comes down to the simple fact that there is one layer of defence on modern PCs and once that is bypassed you might as well reinstall your OS.