As the sheer volume of viruses skyrocketed in 2005, malware writers
changed their tactics. Instead of taking down as many systems as
possible, going into the new year, they’ll be leaving users’ computers
running — giving the hackers more opportunity to steal their

Big worms, like Slammer and Code Red, made headlines for causing
millions, if not billions, of dollars in damage. Computers were brought
down. Systems were crippled. Business was hindered. But those days may be
behind us, according to security analysts.

That doesn’t mean, however, that the damage is lessened. It’s just
different. Instead of computers going down and slowing business, machines
are left running so the malware writers can get in them and pilfer
critical financial information.

“It’s a major shift for virus writers,” says Steve Sundermeier, a vice
president for Central Command, an anti-virus and anti-spam company based
in Medina, Ohio. “In terms of crashing computers and servers, we’re not
seeing that like you would have with a Blaster or a Code Red, but we are
seeing these Trojans and pieces of spyware that are stealing your
information. It’s about getting people’s credit card information.”

Ken van Wyk, a principal consultant for KRvW Associates, LLC and a
columnist for eSecurityPlanet, says he started to notice the trend
in 2005 and foresees it continuing strongly into 2006.

“The big flashy attacks that take down a big site or make the front page
aren’t the attacks that make them money,” he adds. “They’re looking for
log-in information, credit card information and the like. To get all of
that, they need to keep the computer running.”

Sundermeier says it’s no less dangerous than the old type of attacks.
“To me, that’s even more damaging. It’s even scarier.”

And Sundermeier adds that this is a trend that will continue well into
2006. More adware. More spyware. The continued building of botnets, which
are large groups of zombie computers that can be used by the virus
writers to send out spam, denial-of-service attacks and more viruses.

Ted Anglace, a senior security analyst with Sophos, an anti-virus and
anti-spam company with U.S. headquarters in Lynnfield, Mass., says to
find out what virus writers will be doing in the new year, you just have
to follow the money trail.

“I believe there has been a big shift and financial incentive is the big
driver for that,” he adds. “Follow the money. The old worms, while they
were destructive, were out for vandalism. Now they’re monetizing their

And Anglace says IT managers and users should expect spyware to get even

“Spyware definitely is getting a lot worse,” he says. “We’ve seen some
instances of spyware that have taken screen shots when people go online
to their banking sites. Then the screen shots get emailed out to the
hackers who log onto the bank accounts and steal from them.”

Malware in 2005

As for this past year, the Sober-AI worm made its mark — and made it

Central Command’s Sundermeier says this recent variant of the virulent
Sober family only hit the Wild at the end of November, but it quickly
became the most prevalent malware of the year — despite the fact that it
only had a single month to propagate.

“It ranks as the Number One mass-mailing Internet worm of all time,”
reports Sundermeier. “It’s still accounting for 40 percent to 50 percent
of all infections that we’re seeing.”

Anglace from Sophos says 2005 was noteworthy simply because of the huge
volume of malware that hit the Wild.

“We saw a huge volume spike,” he notes. “We had a 48 percent increase
year-over-year in malware. One in 44 emails was viral. And Trojans
outweighed Windows worms two to one.”