SoylentNews is people

posted by mrpg on Saturday May 11 2019, @01:00AM
from the #include dept.

Source Code Discovery Sheds Light on the Business of Malware

[...] Beyond the sophistication of the malware in question, and the length of time it remained undetected, the source code itself revealed an interesting and, for security professionals, somewhat worrying approach to the development of its core product, which borrowed from modern DevOps theory. 

[...] It’s important for APT success, therefore, that malware is written in such a way that it can be easily given to any member of the team with the assurance that they’re able to produce a product of the same high quality that a campaign’s creators have come to expect. If those creators want to scale up their campaigns, they must ensure that any new team member is able to quickly and easily get to grips with the task at hand. 

Analysis of Carbanak’s source code revealed a series of features that would allow it to be iterated by a team of developers in just this way, removing the risk of being hindered by single points of failure, such as a key malware engineer being off sick or moved onto another task. Essentially, it was a highly effective software assembly line.

