http://www.vnunet.com/analysis/1160302
Daniel Thomas, Computing, 05 Jan 2005

Virus writing is no longer the exclusive domain of teenage geeks designing malicious code in their bedroom. Criminals are earning millions by dropping viruses and trojans onto the computers of unsuspecting home users, siphoning money from online bank accounts, trading stolen identities, distributing porn and blackmailing firms.

And the former Soviet Union, with a high number of technically sophisticated but out-of-work programmers, is one of the major regions where this activity is on the increase.

Some 4,044 cases of internet fraud were reported in Russia between 1999 and 2002, according to the Russian Ministry of Internal Affairs. But in the first half of last year this grew dramatically, with 4,295 internet-based crimes reported by Russian police. The majority were based around malicious code and information theft.

Over 90 per cent of malicious code now circulating around the internet is designed for criminal gain, says Eugene Kaspersky, head of anti-virus research at Moscow-based Kaspersky Lab. 'It's being used for stealing money, for spam and advertising, and for internet crime rackets,' he says.

Kaspersky's figures are backed by estimates from the Ukraine-based Computer Crime Research Centre, which says the total amount of financial losses worldwide resulting from cybercrime exceeded $411bn at the end of last year.

Speaking to Computing at the anti-virus lab's headquarters, located in a totalitarian-looking ex-communist party building on the outskirts of Moscow, Kaspersky scrolls through a list of hundreds of new viruses that have been caught using virus-detecting 'honey-pot' computers over the past five days. Some 420 of the 470 viruses identified by him and his team of 10 codebreakers during this time have been designed for criminal purposes, he says.

'There's a lot of money on the internet,' says Kaspersky. 'And it's very easy to develop a trojan or web page that looks like a bank's website.'

Phishing, which uses social engineering and key-logging trojans to trick online banking customers into revealing financial details, is one of the fastest growing areas of computer crime, with 1,142 active sites reported by the Anti-Phishing Working Group last October.

Later this month, two men and two women from Russia, Estonia and Ukraine will face trial at the Old Bailey for allegedly being part of a gang that conned customers into giving out bank details before stealing money from their accounts.

'It's hard to transfer money from these accounts as they can be traced, so often they will buy something using the details and then earn money by selling it,' says Kaspersky.

Trojans, which use email attachments and web links to trick internet users into downloading code, are also being used to take control of unsuspecting home and work computers. By building up a 'zombie army' - a network of thousands of compromised computers - hackers take ownership of a lucrative asset, which they can hire out to illegal spammers and criminal gangs wanting to extort money from ecommerce firms through distributed denial of service (DDoS) attacks which crash sites.

'There are internet shops for zombie networks where you can buy 5,000 infected machines for $300,' says Kaspersky.

Last July, the UK's National Hi-Tech Crime Unit, working with its Russian Ministry of Internal Affairs equivalent, Division K, smashed a Russian crime racket responsible for extorting thousands of pounds from UK online bookmakers reliant on their website availability (Computing, 21 July). The gang, located in St Petersburg and south-west Russia, targeted prominent betting firms, including William Hill, Paddy Power and Blue Square, using DDoS attacks to bring down sites, and demanded between $10,000 and $40,000 to stop repeat occurrences.

But despite recent successes by internet law enforcement agencies, Kaspersky believes the criminals are getting smarter, seeking out new ways to conceal their identity and earn money. Every time police capture cybercriminals they also reveal some of the methods they use to catch them, he says.

'There will be a lot more malicious code next year for two reasons,' says Kaspersky. 'Firstly, the criminals will try and hide themselves using proxies and that will need more code. Secondly, people are doing more to protect themselves against these threats, so criminals need to develop new malicious code to bypass this and build new zombie networks.'

Where lucrative money-making opportunities spring up on the internet, organised crime groups will follow. And when new security measures shut the door on current exploits, new opportunities and flaws will be exposed, says Kaspersky.

'They will never stop their business, they will just find another way. The story will carry on year after year and because of this the anti-virus firms will not lose their jobs,' he says.

Political hacktivism

Home users are unknowingly having their computers commandeered by political activists as part of a plot to bring down Chechen rebel websites. An email virus claiming to contain pictures of nude glamour models is preying on male computer users, infecting their machines with code which takes control of their PC.

The W32/Maslan-C worm infects PCs using an attached Playgirls2.exe file, spreads to other email users and then waits until the first day of every month to launch denial-of-service attacks on Chechen separatist sites, according to anti-virus firm Sophos. By creating an army of compromised computers the virus writer can bombard Chechen websites, including www.chechpress.com and www.kavkaz.org.uk, blasting them off the internet. These websites play a key role in the propaganda war between the Chechen rebels and the Kremlin, according to Sophos.
Although there is no proof linking the Kremlin to the denial-of-service attacks, it follows moves by Russia to close down websites of Chechen rebels calling for independence in the region. Last November the Russian Foreign Ministry asked the Lithuanian government for an explanation as to why the websites - run by separatists out of Lithuania - had resumed activity.