Virus Writers Change Tactics for 2006

Malware writers are no longer creating Blasters and Slammers. They're not trying to take down millions of systems, but keep them running so they can steal the information on them.
As the sheer volume of viruses skyrocketed in 2005, malware writers changed their tactics. Instead of taking down as many systems as possible, going into the new year, they'll be leaving users' computers running -- giving the hackers more opportunity to steal their information.

Big worms, like Slammer and Code Red, made headlines for causing millions, if not billions, of dollars in damage. Computers were brought down. Systems were crippled. Business was hindered. But those days may be behind us, according to security analysts.

That doesn't mean, however, that the damage is lessened. It's just different. Instead of computers going down and slowing business, machines are left running so the malware writers can get in them and pilfer critical financial information.

''It's a major shift for virus writers,'' says Steve Sundermeier, a vice president for Central Command, an anti-virus and anti-spam company based in Medina, Ohio. ''In terms of crashing computers and servers, we're not seeing that like you would have with a Blaster or a Code Red, but we are seeing these Trojans and pieces of spyware that are stealing your information. It's about getting people's credit card information.''

Ken van Wyk, a principal consultant for KRvW Associates, LLC and a columnist for eSecurityPlanet, says he started to notice the trend in 2005 and foresees it continuing strongly into 2006.

''The big flashy attacks that take down a big site or make the front page aren't the attacks that make them money,'' he adds. ''They're looking for log-in information, credit card information and the like. To get all of that, they need to keep the computer running.''

Sundermeier says it's no less dangerous than the old type of attacks. ''To me, that's even more damaging. It's even scarier.''

And Sundermeier adds that this is a trend that will continue well into 2006. More adware. More spyware. The continued building of botnets, which are large groups of zombie computers that can be used by the virus writers to send out spam, denial-of-service attacks and more viruses.

Ted Anglace, a senior security analyst with Sophos, an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass., says to find out what virus writers will be doing in the new year, you just have to follow the money trail.

''I believe there has been a big shift and financial incentive is the big driver for that,'' he adds. ''Follow the money. The old worms, while they were destructive, were out for vandalism. Now they're monetizing their operations.''

And Anglace says IT managers and users should expect spyware to get even nastier.

''Spyware definitely is getting a lot worse,'' he says. ''We've seen some instances of spyware that have taken screen shots when people go online to their banking sites. Then the screen shots get emailed out to the hackers who log onto the bank accounts and steal from them.''

Malware in 2005

As for this past year, the Sober-AI worm made its mark -- and made it quickly.

Central Command's Sundermeier says this recent variant of the virulent Sober family only hit the Wild at the end of November, but it quickly became the most prevalent malware of the year -- despite the fact that it only had a single month to propagate.

''It ranks as the Number One mass-mailing Internet worm of all time,'' reports Sundermeier. ''It's still accounting for 40 percent to 50 percent of all infections that we're seeing.''

Anglace from Sophos says 2005 was noteworthy simply because of the huge volume of malware that hit the Wild.

''We saw a huge volume spike,'' he notes. ''We had a 48 percent increase year-over-year in malware. One in 44 emails was viral. And Trojans outweighed Windows worms two to one.''
