Boutique Malware – Custom-made attacks on e-Business

Jonathan Juin Yang Pan and Chun Che Fung
School of Information Technology, Murdoch University, Perth, WA
Jonathan.Pan.JY@gmail.com, l.fung@murdoch.edu.au

Abstract—Malware typically becomes known through extensive media publicity when an incident such as the Conficker infection of computers around the globe occurs. Such Malware infects everyone who is vulnerable to it. However, there is another form of Malware that is not reported in any media and does not attack everybody: it targets only specific individuals and organizations. This form of Malware seeks to achieve focused objectives rather than to draw fame onto itself. It is able to circumvent even best-practice security defences, and the anti-Malware solutions that are available can be ineffective against it. The development approach to such Malware has evolved towards bespoke development. Investigators and Malware analysts face a great challenge in studying and combating it. This paper serves to expose such practices and to initiate discussion of strategies for developing the counter-measures that are urgently needed in the world of e-Business, before the community succumbs entirely to this type of Boutique Malware.

I. INTRODUCTION

Malware is becoming a major problem for the global computing community, from users around the world to astronauts in space. Most Malware is used by cybercriminals to conduct their criminal activities. According to the FBI, the global hacker economy is worth more than USD 10 billion annually [1], and Malware is a key contributor to this economy. To manage this threat and its negative impacts, organizations typically adopt numerous defensive approaches to safeguard their IT assets: anti-virus solutions, intrusion detection and prevention systems, and other forms of layered security measures.
However, the cybercriminal community has an arsenal that seems to give it an advantage. Unlike the notorious mass attacks caused by highly publicized Malware, this new form of Malware conducts discreet attacks on specific organizations or individuals. Its goal is to minimize publicity in order to achieve its malicious intent against a specific target or targets. The trend towards such targeted Malware is growing year on year. It started notably in 2005, with a number of reported attacks on government organizations [4]. In 2008, more targeted attacks were launched; an example is the attack on Hannaford Bros [5], a grocery chain in New England, USA. Four million of its customers' credit and debit card numbers were stolen by Malware developed specifically for that company and built to circumvent its security measures. According to one research group, such targeted Malware attacks are becoming the norm [32]. A newer name for this form of Malware is Advanced Persistent Threat (APT), a term that takes its root from the military sector [33]. This form of Malware is a notable change from the 'write-once-attack-all' approach, which seeks to infect as many systems as possible, towards a 'write-once-attack-one' approach in which the damage caused by the cyber assault is focused. An analogy from conventional weaponry would be smart bombs versus conventional bombs. In this paper, this form of Malware is termed "Boutique Malware", as we are looking specifically at its focused attributes.

In this survey paper, the notable characteristics are discussed in the next section. Section III then looks into the effectiveness of current countermeasures and proposes recommendations. This is followed by research advancement considerations and finally the conclusion.

II. BOUTIQUE MALWARE

Boutique Malware has a number of unique characteristics when compared to conventional Malware. It has the following features:
a. Targeted strategy
b. Bespoke development approach
c. Narrowly focused approach to infecting the target
d. Customized attack techniques to suit the target environment

A. Targeted Strategy

Today, records show that only amateur hackers are being caught by the police [1]. Professional cybercriminals use subtle approaches in their Malware infections and attacks, kept intentionally elusive to stay below the radar of the security and law-enforcement communities. Staying totally evasive for as long as possible is a key objective [2]; it would be a mission failure if the Malware gained fame and publicity. The Malware is also required to slip through cracks in the multiple layers of defences to reach its target. Mission goals are typically financial gain or politically motivated objectives rather than fame.

Boutique Malware focuses on specific targets. These include government entities [18], schools [13], banks [7], military organizations [14], political entities [15], corporate CEOs [16] and other highly paid workers at selected corporations [17]. Such Malware also targets specific types of users associated with the targeted organization; an example is customers doing online banking with a specific bank or banks [19].

The 9th International Conference on e-Business (iNCEB2010), November 18th – 19th, 2010