January 12, 2012    /    by

Shnakule Malware Network Reshapes Views on Cyber Crime

A highly sophisticated malware network called "Shnakule" has recently been singled out as increasingly dangerous. Many security firms are rapidly reacting and even changing their views on cyber crime operations as a result of new information.

A highly sophisticated malware network called "Shnakule" has recently been singled out as increasingly dangerous. Many security firms are rapidly reacting and even changing their views on cyber crime operations as a result of new information. The Shnakule operation employs a massive network of servers to attack websites as well as compromise pages to exploit vulnerabilities and infect end user computers.

The Department of Homeland Security (DHS) Open Source Infrastructure Report, which happens to be a very good resource for cyberecurity pros to check and review daily, posted a link to this United Kingdom (UK) article on January 10. I urge readers to take time to learn more on Shnakule. Here’s an excerpt from the UK article:

  “Shnakule spans a number of attack vectors and is believed to have been used for multiple attacks, with active servers ranging from hundreds to thousands of systems at a time….

… He said the company's findings defy conventional knowledge of how malware and cyber crime operations work….

… Rather than looking to block attacks based on the individual activity of a site or domain, Blue Coat believes firms will need to take a wider approach and single out servers and domains that have been connected with malicious networks in the past….”

It is worth noting that the Shnakule malware network is not new in 2012. Blue Coat issued this press release back in September 2011.  

Back on July 6, 2011, Blue Coat issued this piece which called Shnakule the most dangerous malware in the early part of 2011.

Here’s an excerpt from that report:

“For the first half of 2011, Shnakule was the leading malware delivery network, both by size and effectiveness. On average during that period, this network had 2,000 unique host names per day with a peak of more than 4,300 per day. It also proved the most adept at luring users in, with an average of more than 21,000 requests and as many as 51,000 requests in a single day. Shnakule is a broad-based malware delivery network whose malicious activities include drive-by downloads, fake anti-virus and codecs, fake flash and Firefox updates, fake warez, and botnet/command and controls. Interrelated activities include pornography, gambling, pharmaceuticals, link farming, and work-at-home scams.

Not only is Shnakule far reaching as a standalone malware delivery network, it also contains many large component malware delivery networks. Ishabor, Kulerib, Rabricote and Albircpana, which all appear on the top 10 list of largest malware delivery networks, are actually components of Shnakule and extend its malicious activities to gambling-themed malware and suspicious link farming.”

My point is that DHS is highlighting this article now in open source, which means that the threat continues to grow in 2012. Risk mitigation techniques are paramount against this type of large, complex, sophisticated threat. Government enterprises to need take this malware network threat seriously and react appropriately.

Any comments or expereinces to share regarding Shnakule?