Computer crime gets seriously organised

Viruses are a fact of life, but they are getting smarter and more lethal. PC users need to become increasingly vigilant.

Your computer is worth money, and not just at the pawnbroker's. Organised crime is now as interested in the profits it can make filching online banking log-ins from your PC as it is in running drugs. And for computer coders, developing the technology is easier and far less risky than life as a drug mule.

Today's internet-enabled criminals have a number of preferred techniques for getting their hands on your cash. These include botnets, which create legions of so-called zombie personal computers, and a new genre of viruses known as ransomware.

The days of the big viruses - such as Zotob and Slammer - that were written to make a name for themselves have given way to nasties like GPcode, a bug that kidnaps electronic documents and will only give them back for a price.

Sophos Australia's head of technology, Paul Ducklin, points out that it's still more likely that people will lose data through spilling coffee on their computer than through a hack attack.

But he adds that ransomware and its close relative scareware, which uses misleading claims that a computer is infected to prompt its owner to download a real virus, are part of constant experimentation among online crooks.

"Bear in mind the bad guys do, from time to time, experiment with stuff like scareware," Ducklin says.

"The scareware sets the bar at around $50 to clear up non-existent threats but the GPcode represented an interesting security challenge as it got the cryptography right but it was no magic secret [for anti-virus companies] to reverse engineer.

"For concerned users there are plenty of commercially legitimate tools you can [use to] evaluate the health of your PC, free of charge."

Worldwide, the security software market was worth £10.4 billion ($21.5 billion) in 2007, a 19.8 per cent increase on 2006 according to market research firm Gartner.

Locally, Gartner predicts Australian businesses and consumers will spend $US148.4 million ($154.7 million) on technology to lock down their computers in 2008 - a figure that will have risen to more than $US200 million come 2012.

Virus experts believe a new bug or a variation of an existing one is released every two minutes. That's actually down from the beginning of the year when new viruses were hitting the web every few seconds.

But the nature of attacks is changing - today's viruses and trojans are geared towards behind-the-scenes attacks that rely on stealth to infect computers.

It's a technique that far more readily wreaks havoc than carpet-bombing a computer with spam in the hope its owner will inadvertently click on a nefarious email.

The Storm worm - an email attachment in circulation since January 2007 - was chiefly designed to create a botnet. Some estimates claim the worm has infected between one million and 10 million computers, and a new variant was released on April Fool's Day this year.

Former Scotland Yard detective and leading Microsoft virus investigator Steve Santorelli, who is now director of investigations at internet crime research group Team Cymru, says the game is changing and serious crooks like to keep a lower profile when they attack.

"Zotob was only spectacular because it screwed up code and crashed systems," he says.

"Today it is far better to have a slow, discreet burner moving from bank to bank. [Also], some technical solutions are never going to stay ahead of these people as the bad code developers have armies of developers working [for them]."

The shift means that the rate of infection of computers with viruses, malware [malicious software], spyware and sundry other electronic pests is falling - but the success rate of attacks is on the rise as criminals get smarter.

"Two years ago the proportion of malware in e-mail attachments was one in 1000 and now it is one in 40," Ducklin says.

"The bad guys now deliver a multi-stage attack, say through an email with an embedded [download] link . . . that tries to exploit a vulnerability in the browser. Each particular attack vector needs to run in sequence and if we block any one, we win."

But at the same time that criminals are getting smarter in their attacks, consumers aren't necessarily becoming more adept at securing computers.

A recent survey of Australian home PC users found that 64 per cent of those whose computers were infected with malicious code were either confident or very confident about managing their own security.

A whopping 84 per cent of those respondents used their computer for internet banking and 66 per cent for internet-based payments.

In its 2008 Home Users Computer Security Survey, Australian computer security team AusCERT found that there were high rates of infection regardless of whether computer owners engaged in regular PC maintenance or not.

AusCERT's manager of assessment and analysis, Kathryn Kerr, says 37 per cent of respondents never updated their operating systems and 26 per cent of those reported infections by malicious code. Yet there was a 21 per cent infection rate of computers among owners who did keep their PCs up to date.

Kerr says the survey looked very broadly at malicious code so it was difficult to ascertain if people were infected with password-stealing trojans and other bugs aimed at financial or identity theft.

"In most cases people wouldn't have a clue," Kerr says. "What is a more common mode of infection is people browsing products and pages online where the host website has not been secured properly and then the viewer's computer becomes infected with malicious code."

Paul Ducklin agrees that many attacks are launched through legitimate websites that have been compromised, meaning that PCs can quickly become infected if their internet browsers have any security vulnerabilities.

He says consumers need to be careful not to put too much faith in claims that non-Microsoft operating systems such as Apple's OSX and the open source Linux platform are immune from attack. Apple did discover an OSX-specific virus "in the wild" this June.

"People think [Apple and Linux are] more secure but it may be more by accident than design," he says.
