A new crimeware kit for sale on a hacking forum is offering aspiring cybercriminals a cheap way to launch malware spam campaigns.
Uncovered by researchers at Flashpoint[1], the kit was first offered for sale in February for $500; two months later, the price has already been reduced to just $120 for a three-month license.
It's available on high-profile Russian-speaking and English-speaking underground forums[2] and has been observed being used by various cybercriminal groups of different sizes, reflecting how easy it is for criminals to launch malware campaigns.
It comes with a raft of enhanced features including encryption algorithm choices, download methods and payload models, indicating those behind it are putting work into updating and developing the illicit product.
The kit, known as Rubella Macro Builder, isn't designed to deliver any particular payload, but rather allow users to distribute whatever they choose to deliver as widely as possible, with payloads able to be delivered via executable, JavaScript and Visual Basic Script.
"The Rubella Macro Builder is designed to be used in massive spam campaigns, not to target any specific organisations or individuals. Most spammers cast as wide a net as possible to reach as many potential victims as possible," said Paul Burbage, malware researcher at Flashpoint.
See also: What is malware? Everything you need to know about viruses, trojans and malicious software[3]
The malware can also bypass basic antivirus detection relying on Visual Basic Script obfuscation methods like XOR, Base64, and simple padding.
Once installed on a system, the Rubella-generated malware acts as a first-stage loader for other malware installations and downloads onto infected machines. One form of malware seen to be delivered using this technique is the Panda banking Trojan[4]