Malware unmasked

Posted on 27 Sep 2006 at 10:46

 

Gallery

What's up, 'bot?

Malware writers are also keen on collecting computers, with the help of viruses like MyTob. Here a Trojan is planted by the virus that allows the originator to take control of large numbers of PCs - collectively termed a 'botnet' (as in 'robotic network').

This can be very profitable indeed. In the US, earlier this year, 20-year-old Jeanson James Ancheta pleaded guilty to running a 400,000-computer botnet. In 14 months he'd earned $58,000 (around £30,400) by installing adware on the compromised computers and earning revenue from the adverts. He also made $3,000 hiring out his botnet to third parties.

Botnets are often used to send out spam cheaply or to launch denial-of-service attacks against particular websites or online services. In August 2005, Dutch police arrested three men who used the W32.Toxbot virus to create a computer botnet that, it is alleged, was used to blackmail a US company with the threat of a denial-of-service attack, which would shut down its servers.

Remotely controlled computers can even be used to store criminal material. In 2001, Briton Karl Schofield was arrested on suspicion of possession of child pornography and endured a two-year investigation before prosecutors in court accepted that images found of Schofield's computer could have been downloaded remotely by a third party, using an unnamed Trojan virus.

The kids aren't alright

Of course, the kind of code needed to facilitate such theft can be hard to create. However, much of the world's malware is the work of people derisively dubbed 'script kiddies'. The term refers to programmers that create computer code using automated software toolkits, which can generate modified versions of existing malware with minimal effort and programming knowledge.

An example is Jeffrey Lee Parson who, while still a teenager, used a toolkit-created virus to launch a denial-of-service attack against Microsoft. Unfortunately for Parson, he included in the virus code his online name and personal website address and was quickly caught.

Such toolkits can be easy to use and allow someone with even rudimentary programming knowledge to build a virus that is similar to the original code, but with sufficient difference to outwit existing antivirus defences. Moreover, these kits are cheap and readily available. In March this year, researchers at Sophos found that a Russian toolkit called Web-Attacker could be bought online for just £10.

What the future holds

Whatever the source, malware is here to stay and the problem is likely to get worse rather than better. The rewards are now so high that increasing numbers of criminals are turning to this new source of revenue.

In the younger days of the internet, malware was an exercise in technical skill, in beating the security companies and showing off prowess to peers by creating an infection. Those days are long gone, but equally the number of mass infections is likely to fall. The criminals who dominate today's malware industry want to remain as inconspicuous as possible and can make a lot of money out of a small number of compromised PCs.

For the past two years, there has been a corresponding reduction in the size of virus outbreaks as this process continues and the criminals are using a wider variety of spyware to capture valuable information.

We will all need to be much more security conscious in order to avoid being caught out by malware. A good antivirus package, updated every day, is a must. There are also specialised anti-spyware programs for sale, as well as free applications like Ad-Aware (www.lavasoftusa.com) and Spybot Search & Destroy (www.safer-networking.org) - be sure to make use of these tools.