Establishing Digital Trust: Don't Sacrifice Security for Convenience
The malicious marriage of spam and viruses. Virus writers working to make a buck instead ofmaking a name for themselves in the black hat world. Spam and viruses becoming more of aheightened security issue than ever before.
These are just some of the predictions from the anti-virus and anti-spam community for thecoming year. They're all problems that got a foothold in 2003. And from what the securityexperts are saying, these problems will only mature and expand in the new year.
''Yes, I definitely see a continuation of the same for this year,'' says Scott Olson, asenior vice president with Austin, Texas-based WholeSecurity, an anti-virus company thatfocuses on trojans and backdoors. ''Without a doubt we're going to see more and moreevolution in these viruses... The damages from these types of attacks are becoming morereal. Companies are losing a ton of money because of down time on their networks, andintellectual property theft. And customers are becoming victims of identity theft throughfaked emails and Trojan horses.''https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Viruses and worms caused a lot of damage in 2003. Computer Economics Inc., for instance,estimated that the SoBig virus cost businesses more than $1 billion in losses, while mi2g, asecurity and digital risk management company based in London, placed costs at a whopping$36.1 billion when losses in productivity and business were factored in. With the MSBlasterworm, it was hard to calculate a final damage cost but Computer Economics took a stab andfigured that the damages rang in at $500 just within the first few days of the virus'release.
Beside the increase in financial damage, there were a few major turning points in the virusworld last year.
First off, there was a change in motive. For years, virus authors wrote malicious codebecause they wanted the prestige, the name recognition, in their underground community.Authoring a major virus, one that got worldwide attention or crippled a major company'snetwork even for a few minutes, brought underground glory.
But last year, black hats began writing malicious code aimed at lining their wallets, nottheir trophy rooms. Viruses dropped Trojans and opened back doors so the author could pilfercritical information, like user names, passwords, Social Security numbers and bank accountinformation.
That made the game more dangerous, more malignant. Instead of crashing a computer for a fewminutes or leaving a sarcastic message on a Web site, people were in danger of losing theirlife savings.
And as that change was happening, another one was coming to light.
Virus writers were teaming up with the security community's other arch nemesis -- spammers.
Think of the mess. Overnight, spam went from pitching Viagra and get-rich-quick schemes totricking hapless email users into hanging out their critical financial information. Thespammers were 'phishing' for financial information, and the virus writers were helping themdo it.
''It's not so much about boasting that someone wrote a virus anymore, or getting your nameout as a hacker,'' says Steve Sundermeier, vice president of products and services atCentral Command, an anti-virus company based in Medina, Ohio. ''It's more about committingthese white collar crimes. They're obtaining credit card information and then it becomes aclear cut crime... I personally see more of this happening this year.''
Many analysts also say that viruses and spam are no longer the realm of the techies alone.With money to be made, organized crime is increasingly getting in on the game. And that isupping the ante for those being baited into divulging their critical information, and forthose fighting the problem.
And Sundermeier says that means anti-spammers and those in the anti-virus community areincreasingly working with law enforcement.
''There's definitely going to be a lot of migration between the anti-virus industry and lawenforcement and the FBI,'' he adds. ''We saw this start with Microsoft putting a bounty onhackers' head. We saw the arrest of the guy who wrote the Blaster variant. You'll see a lotmore collaboration between anti-virus and law enforcement.''
And with people's life savings or livelihoods on the line, there's more pressure on thesecurity community to be swift and sure in their work.
''It's kind of sad, but there's a new reality to it,'' says Sundermeier. ''Not only do wefeel more important but it's a lot of pressure and added stress on us to turn around thesevirus signatures. If we have code for a new variant of Sobig... now we're talking aboutpeople's livelihood and huge financial loss. It's more stressful.''