What is Malware-as-a-Service?


There’s a strong misconception — amongst business leaders and consumers alike — that unleashing a cyberattack is a difficult and expensive process that only experts are capable of executing. In reality, this could not be further from the truth. Currently, the integrity of the Internet is being compromised by a vast criminal underground market commonly referred to as Malware-as-a-Service (MaaS).

shutterstock_165661070A MaaS network operates similarly to the software-as-a-service market due to the fact that it allows criminals to gain access to build-it-yourself malware kits and hosted management services necessary for deploying malware across the Internet. These services often act as 24/7 customer support hotlines where criminals can have malware tested for detectability and effectiveness around the clock.

Therefore, these do-it-yourself cyberattack kits can be acquired and unleashed with relatively little to no experience. Essentially, these networks establish a what-you-see-is-what-you-get (WYSIWYG) system for constructing customized Trojans for targeted cyber-attacks. Building malware, in other words, has never been easier, and now attacks can be specifically tailored to suit specialized user needs.

As prices continue to fall in the MaaS market and the number of malware services increases, the risk is growing increasingly more severe. It can be likened to the battle against rogue terrorism, where individuals are capable of unleashing attacks without being connected to any larger network. As Security Intelligence Director for Webroot Grayson Milbourne explains, anyone can do it.

“You don’t have to be part of a hacking collective to be an effective hacker and someone who is effective at monetizing his efforts in this alluring way,” Milbourne said. “It is rather easy and people are making a lot of money, so we expect [tools] to become more available and less expensive.”

In addition to providing customer service support and testing centers, the MaaS market also provides users access to computer botnets, which is essentially a Web of infected “zombie” computers that are invisibly infected with malware. According to Webroot, in the U.S. 1,000 infected host computers can be purchased for as little as $180.



Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.


Add to the Conversation