Thursday, March 28, 2024

Virus Writers Change Tactics for 2006

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

As the sheer volume of viruses skyrocketed in 2005, malware writers

changed their tactics. Instead of taking down as many systems as

possible, going into the new year, they’ll be leaving users’ computers

running — giving the hackers more opportunity to steal their

information.

Big worms, like Slammer and Code Red, made headlines for causing

millions, if not billions, of dollars in damage. Computers were brought

down. Systems were crippled. Business was hindered. But those days may be

behind us, according to security analysts.

That doesn’t mean, however, that the damage is lessened. It’s just

different. Instead of computers going down and slowing business, machines

are left running so the malware writers can get in them and pilfer

critical financial information.

”It’s a major shift for virus writers,” says Steve Sundermeier, a vice

president for Central Command, an anti-virus and anti-spam company based

in Medina, Ohio. ”In terms of crashing computers and servers, we’re not

seeing that like you would have with a Blaster or a Code Red, but we are

seeing these Trojans and pieces of spyware that are stealing your

information. It’s about getting people’s credit card information.

Ken van Wyk, a principal consultant for KRvW Associates, LLC and a

columnist for eSecurityPlanet, says he started to notice the trend

in 2005 and foresees it continuing strongly into 2006.

”The big flashy attacks that take down a big site or make the front page

aren’t the attacks that make them money,” he adds. ”They’re looking for

log-in information, credit card information and the like. To get all of

that, they need to keep the computer running.”

Sundermeier says it’s no less dangerous than the old type of attacks.

”To me, that’s even more damaging. It’s even scarier.”

And Sundermeier adds that this is a trend that will continue well into

2006. More adware. More spyware. The continued building of botnets, which

are large groups of zombie computers that can be used by the virus

writers to send out spam, denial-of-service attacks and more viruses.

Ted Anglace, a senior security analyst with Sophos, an anti-virus and

anti-spam company with U.S. headquarters in Lynnfield, Mass., says to

find out what virus writers will be doing in the new year, you just have

to follow the money trail.

”I believe there has been a big shift and financial incentive is the big

driver for that,” he adds. ”Follow the money. The old worms, while they

were destructive, were out for vandalism. Now they’re monetizing their

operations.”

And Anglace says IT managers and users should expect spyware to get even

nastier.

”Spyware definitely is getting a lot worse,” he says. ”We’ve seen some

instances of spyware that have taken screen shots when people go online

to their banking sites. Then the screen shots get emailed out to the

hackers who log onto the bank accounts and steal from them.”

Malware in 2005

As for this past year, the Sober-AI worm made its mark — and made it

quickly.

Central Command’s Sundermeier says this recent variant of the virulent

Sober family only hit the Wild at the end of November, but it quickly

became the most prevalent malware of the year — despite the fact that it

only had a single month to propagate.

”It ranks as the Number One mass-mailing Internet worm of all time,”

reports Sundermeier. ”It’s still accounting for 40 percent to 50 percent

of all infections that we’re seeing.”

Anglace from Sophos says 2005 was noteworthy simply because of the huge

volume of malware that hit the Wild.

”We saw a huge volume spike,” he notes. ”We had a 48 percent increase

year-over-year in malware. One in 44 emails was viral. And Trojans

outweighed Windows worms two to one.”

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles