Virus Writers Change Tactics for 2006

As the sheer volume of viruses skyrocketed in 2005, malware writers changed their tactics. Instead of taking down as many systems as possible, going into the new year, they’ll be leaving users’ computers running — giving the hackers more opportunity to steal their information.

Big worms, like Slammer and Code Red, made headlines for causing millions, if not billions, of dollars in damage. Computers were brought down. Systems were crippled. Business was hindered. But those days may be behind us, according to security analysts.

That doesn’t mean, however, that the damage is lessened. It’s just different. Instead of computers going down and slowing business, machines are left running so the malware writers can get in them and pilfer critical financial information.

“It’s a major shift for virus writers,” says Steve Sundermeier, a vice president for Central Command, an anti-virus and anti-spam company based in Medina, Ohio. “In terms of crashing computers and servers, we’re not seeing that like you would have with a Blaster or a Code Red, but we are seeing these Trojans and pieces of spyware that are stealing your information. It’s about getting people’s credit card information.”

Ken van Wyk, a principal consultant for KRvW Associates, LLC and a columnist for eSecurityPlanet, says he started to notice the trend in 2005 and foresees it continuing strongly into 2006.

“The big flashy attacks that take down a big site or make the front page aren’t the attacks that make them money,” he adds. “They’re looking for log-in information, credit card information and the like. To get all of that, they need to keep the computer running.”

Sundermeier says it’s no less dangerous than the old type of attacks. “To me, that’s even more damaging. It’s even scarier.”

And Sundermeier adds that this is a trend that will continue well into 2006. More adware. More spyware. The continued building of botnets, which are large groups of zombie computers that can be used by the virus writers to send out spam, denial-of-service attacks and more viruses.

Ted Anglace, a senior security analyst with Sophos, an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass., says to find out what virus writers will be doing in the new year, you just have to follow the money trail.

“I believe there has been a big shift and financial incentive is the big driver for that,” he adds. “Follow the money. The old worms, while they were destructive, were out for vandalism. Now they’re monetizing their operations.”

And Anglace says IT managers and users should expect spyware to get even nastier.

“Spyware definitely is getting a lot worse,” he says. “We’ve seen some instances of spyware that have taken screen shots when people go online to their banking sites. Then the screen shots get emailed out to the hackers who log onto the bank accounts and steal from them.”

Malware in 2005

As for this past year, the Sober-AI worm made its mark — and made it quickly.

Central Command’s Sundermeier says this recent variant of the virulent Sober family only hit the Wild at the end of November, but it quickly became the most prevalent malware of the year — despite the fact that it only had a single month to propagate.

“It ranks as the Number One mass-mailing Internet worm of all time,” reports Sundermeier. “It’s still accounting for 40 percent to 50 percent of all infections that we’re seeing.”

Anglace from Sophos says 2005 was noteworthy simply because of the huge volume of malware that hit the Wild.

“We saw a huge volume spike,” he notes. “We had a 48 percent increase year-over-year in malware. One in 44 emails was viral. And Trojans outweighed Windows worms two to one.”

Sharon Gaudin
Sharon Gaudin is an eSecurity Planet contributor.
