Attacks have come a long way since the "target of chance" Internet that many of us grew up in, where a box was compromised simply because it happened to be scanned. Attacks, and attackers, have evolved drastically. Long gone are the days of running a scanner for a particular vulnerable service and then hitting it with a recently downloaded exploit. In other words, the script kiddies are going the way of the dodo bird. If they aren't going extinct, they certainly aren't the major thorn in the info-sec team's side any longer.
I don't tend to follow virus and trojan trends very closely. I usually live in the application space and not in the post-compromise and/or malware world (yet). That being said, I just read this very interesting post at the Symantec Security Blog by Elia Florio. The amount of resources and level of expertise it takes to work through the creation of a trojan/virus of this nature is not trivial. This particular piece of malware includes p2p networking, botnet management, spam sending, DDoS attacks, data gathering, and continued distribution of the trojan itself. Those things aren't ALL that impressive or new, but the fact that the latest variant includes the ability to detect and shut down virtual machines (honeypots or malware analysis sandboxes), a new rootkit driver using randomly generated names, and process injection using XOR obfuscation leads me to believe this is being created by organized crime of some sort as opposed to your common bored teen. Each of those three features exists for one reason: to defeat analysis and signature-based detection rather than to add capability. (*I've been wrong before, and since this isn't my area of expertise I welcome comments that state otherwise.*)
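To make the XOR point concrete, here is an added example (my own illustration, not code from the Symantec write-up or from the malware itself) of why single-byte XOR obfuscation is enough to blind a naive string-signature scanner, and of the brute-force an analyst uses to peel it back. The payload bytes, the key 0x5A and the "signature" string are constructed for the demo; the assumption is a scanner that looks for a known API name inside an injected blob.

```python
"""Single-byte XOR obfuscation of an injected payload, and the analyst's
brute-force recovery. Added example: payload, key and signature below are
constructed for illustration and are not taken from any real sample."""

# A constructed signature a naive scanner might look for inside a blob.
SIGNATURE = b"CreateRemoteThread"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply (or remove) a single-byte XOR key; XOR is its own inverse."""
    return bytes(b ^ key for b in data)


def naive_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """What a plain substring signature check sees."""
    return signature in blob


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that look like text; used to rank candidate keys."""
    if not data:
        return 0.0
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data)


def brute_force_xor(blob: bytes, signature: bytes = SIGNATURE):
    """Try all 256 single-byte keys. Return (key, plaintext) for the key whose
    output contains the signature, preferring the most text-like result, or
    None if no key reveals it (e.g. a different scheme or no such string)."""
    best = None
    for key in range(256):
        candidate = xor_bytes(blob, key)
        if signature in candidate:
            score = printable_ratio(candidate)
            if best is None or score > best[0]:
                best = (score, key, candidate)
    if best is None:
        return None
    return best[1], best[2]


def demo():
    # Constructed "payload": a few API names an injector would resolve.
    payload = b"LoadLibraryA\x00CreateRemoteThread\x00WriteProcessMemory\x00"
    key = 0x5A  # constructed key
    obfuscated = xor_bytes(payload, key)
    return {
        "naive_hit_on_plain": naive_scan(payload),
        "naive_hit_on_obfuscated": naive_scan(obfuscated),
        "recovered": brute_force_xor(obfuscated),
    }


if __name__ == "__main__":
    result = demo()
    print("signature seen in plain payload:     ", result["naive_hit_on_plain"])
    print("signature seen in obfuscated payload:", result["naive_hit_on_obfuscated"])
    key, plain = result["recovered"]
    print(f"brute force recovered key 0x{key:02x}: {plain!r}")
```

The takeaway is the asymmetry: the obfuscation costs the author one XOR loop and defeats any scanner that matches literal strings, while the defender's answer is a 256-iteration brute force that only works once someone has the blob in hand. That is exactly why pairing XOR with VM detection and a randomly named driver makes sense for the author: the cheap trick buys time, and the anti-analysis features keep the blob from reaching the person who would spend that time.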
Needless to say, there is clearly money to be made in the area of malware creation, management, and distribution. I guess this is nothing new to most of you, but sometimes it helps to state the obvious. The world of the attacker has certainly evolved a long way over the last 10-15 years. These are now the days of targeted attacks: exploit the weakest link, possibly extort some cash, and $pr0f1t$. I wish the information security operations people the best of luck; you are going to need it.


