Examining the Creation, Distribution, and Function of Malware On-Line

NCJ Number
Bill Chu Ph.D.; Thomas J. Holt Ph.D.; Gail Joon Ahn Ph.D.
Date Published
March 2010
183 pages
The global adoption of the Internet has engendered the growth of significant threats from computer criminals around the world using malicious software (malware), including a new form called "bots", to automate attacks and enable multiple forms of cybercrime.
Computer crimes are costly, and many appear to be perpetrated by computer hackers in foreign countries, particularly Russia and Eastern Europe. These attackers often use malicious software (malware) to automate attacks and enable multiple forms of cybercrime. Malware takes over an infected computer, allowing it to receive commands remotely. Bots are custom programs, but are also bought and sold in virtual markets. Researchers have, however, only begun to explore the prevalence and origins of this form of malware and its potential as an attack tool. Thirteen quarantined bots were analyzed to determine their utility and function in a simulated computing environment. The findings suggest that these bots had a significant impact on system functionality by changing system protocols, including adding and removing files, and attempting to connect to command and control IRC servers. The sale of bots and malware on the online black market was examined using a sample of threads collected from public web forums. The findings suggest that a virtual service economy has developed around this market, in addition to the trade in credit cards and identity documents. Though malicious software takes some skill to create, selling and offering access to malware programs enables hackers of any skill level to participate in attacks ranging from Distributed Denial of Service attacks to spam. As a whole, this study demonstrates the key role that bots and other malware play in the facilitation of cybercrime. Thus, there is a significant need to disrupt botnets and the markets that facilitate the distribution of malware and hack tools. References and appendix

