When it came to the malware delivered by Magnitude, the kit's stats show that there were 211 unique malware samples in rotation, and each victim could get five or six of them.
While some of the malware may be from the same family (e.g. Zeus), the signatures were different. Using VirusTotal, only 85 of the samples had detections registered. The other 126 samples were completely unknown at the time they were scanned.
To give an idea of the types of malware delivered to the victim (outside of the Zeus family of malware), the most recent Magnitude campaign observed used the following:
- Alureon (TDSS), a known Trojan that targets financial data as well as usernames and passwords
- CryptoWall, a known ransomware family and the source of Magnitude's financial stability
- Necurs, another Trojan that attempts to disable AV software and download additional malware
- Nymaim, a backdoor that injects itself into running processes
- Simda, another backdoor that attempts to kill security software
- Tepfer, an information stealing application that targets usernames and passwords
- Vawtrak, a backdoor that injects itself into the browser and can provide control to the attacker, as well as target banking credentials
A criminal's business model:
"It was impressive to see how mature the cybercrime industry has become. In a way it's a negative reflection of legit business," Mador said, offering his initial reaction to what he learned about the kit's operation.
The bulk of Magnitude's success comes from its scalability. The person behind Magnitude can run the entire operation from a single server if need be. Yet, in order to keep things undetected, and to increase the overall odds of a given campaign's success, the infrastructure can be scaled up or down, at will.
When it comes down to it, be it a single server or eight of them working together for a single campaign, Magnitude could be a glimpse of what's to come in the world of Web-based crime.
Trustwave has said that additional details on Magnitude, as well as other related threats, will be added to their interactive Global Security Report, scheduled for release later today.