AVG: 11 year-old creates malware


The profile of a new type of malware maker may not be what you expected. According to a new report released by security vendor AVG, children as young as 11 years old have been accused of writing malware. These are unlikely to be zero-day exploits or sophisticated rootkits, but rather Trojan software for the sole purpose of stealing passwords or other sensitive data.

"First of all, most of them are written using .NET framework (Visual Basic, C#), which is easy to learn for beginners and is easy to deploy," according to the Q4 2012 version of the AVG Community Powered Threat Report (pdf).

The report noted that this could be done using either Microsoft (NASDAQ: MSFT) Visual Studio Express edition for free, or using a pirated full version of Borland Delphi.

Of course, the malware was not written for financial gain, but to steal passwords to access games such as Team Fortress. As expected, the 11 year-old who was profiled did make naive mistakes, such as hardcoding the email address for stolen passwords inside the code.

This was presumably how the security researchers who reverse-engineered it were able to determine the identity of the malware writer.

In my opinion, the takeaway here is related to how simple and easy it is to develop a malicious piece of custom malware.

Due to its uniqueness, such malware is unlikely to be flagged by conventional anti-malware software. As I argued earlier this month, it's high time to overhaul our anti-malware defenses using a combination of techniques instead of relying on blacklisting alone. 

For more:
- check out this article at TechWorld

Related Articles:
It's time to overhaul our anti-malware defenses
Chinese hackers break into NYT, WSJ networks