Targeted Virus Attacks Replace Sweeping Assaults

Massive virus attacks that clobber the Internet are giving way to pin-pointed assaults that quietly go after specific companies and agencies, according to some security analysts.

September’s malware figures show that while the number of wide-spread, hard-hitting viruses, akin to Sasser or Slammer, is dwindling, the sheer volume of malware is up. Gregg Mastoras, a senior security analyst at Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass., tells eSecurityPlanet that Sophos recorded 1,200 new viruses last month alone. That, he estimates, should bring the year-end total to the 15,000 range.

“We’ll probably have more than last year,” says Mastoras. “But what’s different is that we’re not seeing as many wide-spread viruses — ones that would get a lot of attention. That’s because virus writers are changing the way they’re attacking the networks. They’re not interested in mass-mailer attacks. They’re more interested in targeting attacks at institutions or organizations.”

The type of attacks that we’re seeing is all wrapped up in the fact that virus writers are no longer in it just to make a name for themselves. They’re in it for the money. And a new motive means new means of aggression.

“They’re looking for financial gain, so they don’t want as many people to hear about the attacks so they can patch leaks and protect themselves,” Mastoras explains. “They want it so once someone hears that something is going on, it’s too late.”

Forbot, Mastoras adds, is a good example of this type of malware.

The Forbot family of worms largely flew under most people’s radar. It didn’t get a lot of press or attention. Once the spyware has infected someone’s computer, it begins acting as a keylogger. “The damage they do is much more severe because they’re stealing information and then someone is walking around with a credit card with your name on it because they got your information off a key logger,” Mastoras says.

Despite how dangerous Forbot has been, it didn’t make the Top Five list for either Sophos or Central Command, an anti-virus and anti-spam company that also does a monthly malware ranking. The two companies’ rankings differ but share some common pieces of malware.

Sophos lists its Top Five, according to prevalence, as:

  • Netsky-P with 18.6 percent of all malware traveling the Internet;
  • Mytob-BE, 7.6 percent;
  • Mytob-AS, 6.8 percent;
  • Zafi-D, 4.3 percent, and
  • Netsky-D, 3.3 percent.

Over at Central Command, which is based in Medina, Ohio, their analysts rank the Top Five most prevalent malware as:

  • Mytob-FC, 21.89 percent;
  • Netsky-Q, 9.36 percent;
  • iFrame-B, 6.39 percent;
  • Mytob-IU, 6.28 percent, and
  • Mytob-DU, 4.10 percent.

Steve Sundermeier, a vice president at Central Command, says September was only noteworthy because of the flurry of Bagle and Mytob variants that hit the Internet. “Nothing was significantly high impacting, but they were coming out one after another, making us work long hours,” says Sundermeier. “They’re more of a nuisance. But when you see a number like 21.89 percent [for Mytob-FC], obviously that one had some significant impact.”

Sharon Gaudin is an eSecurity Planet contributor.
