Modern malware attacks are dominating the headlines, and most of the focus is directed at the impact of an attack, the potential data loss factor or, oftentimes, the suspected perpetrator. An important element of understanding the full spectrum of these attacks is understanding the modern malware ecosystem.
Malware Developers- At the forefront of modern malware is the malware developer. The developer is in essence the software writer who engineers and designs the malware platform and the command-and-control infrastructure. The malware developer creates the communication flow for the command-and-control servers and has a strong understanding of how to develop malware and malware-supporting infrastructure that is optimized to avoid detection.
The end product of the malware developer is often a malware toolkit, which is supplied downstream to distributors and associates who use the toolkit to engineer variant versions of the malware for field use. These toolkits are available for purchase to anyone willing to meet the asking price.
Malware Distributors- Malware distributors procure the malware toolkits from the malware developers. Malware distributors drive the demand for malware and are constantly looking to satisfy their appetite for innovative modern malware that can stay ahead of the detection, containment and remediation curve.
Malware distributors are in constant competition with each other. In fact, oftentimes malware distributors will try to take over each other’s command-and-control infrastructure and leverage a rival’s bot-network for their own purposes. Malware distributors are constantly trying to avoid detection by authorities and other malware distributors.
Malware Associates- Malware associates are the delivery mechanism for infecting targets with the actual malware. Malware associates are hired out or contracted by the malware distributors to infect as many users and systems as possible. The associates are compensated by the malware distributors based on the number of systems that they can infect. The more users that are infected, the more money the malware associate is paid. In addition to the number of users, malware associates earn more money by infecting higher-value targets.
With the modern malware ecosystem alive and well, the demand for malware that can avoid detection and stay ahead of the containment curve continues to grow.