Networking: Virus writing for profit

Sep 26, 2005

Unscrupulous e-mail marketers are collaborating with criminal virus writers to combine selling questionable goods and services online with attempting to steal information from consumers, experts told United Press International's Networking.

"Spammers are now paying virus writers to make new viruses that create zombie networks that are used to send fraudulent or phishing e-mails," said John Dickinson, author of the book, "The New Anti-Virus Formula: How to Use Multilayered Security to Defeat Viruses."

Dickinson added, "The so-called phishing variant induces people to turn over the keys to their financial accounts, leading to outright theft."

Kaspersky Lab, an Internet-security company in Moscow, reports increasing evidence of criminal activity in this field since December 2004. Over the past year, company researchers have found, the virus-writing community has moved from pranksters to pros, with the result that between 70 percent and 90 percent of all malware detected by Kaspersky Lab has been written for criminal purposes, instead of the previous aim of gaining the virus writer international notoriety.

Shane Coursen, Kaspersky Lab's senior technical consultant in the United States who recently published a scholarly paper called "The Changing Threat," said virus writing is becoming a for-profit endeavor, with goals as varied as personal-identity theft to corporate espionage.

"The threat in its mildest forms -- which too often defy successful criminal prosecution -- results in disruption of day-to-day business, taking a significant toll on the profitability of companies of all sizes," Coursen said.

Other experts said collaborations between virus writers and spammers constitute a natural, symbiotic partnership.

"Anyone can send spam or a phishing e-mail," said Patrick Peterson, chief technology officer at IronPort, an IT security technology developer in San Bruno, Calif. "There are two magic ingredients to economic success on a large scale. The first is in controlling a large enough network of open proxies and compromised hosts to blast e-mail without having your footsteps traced. This is accomplished with viruses."

Next, Peterson continued, the criminals need to be able to transform stolen credit-card numbers and online bank-account numbers into cash.

"This is uniquely aligned with organized crime," he said. "Organized criminals have aggressively inserted themselves into the e-mail fraud ecosystem and play the primary role in networks like carderplanet.com and shadowcrew, which steal millions of credit-card numbers every year."

One of the fastest-growing markets for these criminal collaborators is overseas, experts said. For example, South American banks are considered a prime target for online fraud criminals. On a daily basis, according to MessageLabs, an IT-security company in New York City, approximately 20 Web sites are discovered that harbor malware aimed at compromising predominantly South American banks.

Authorities recently arrested 15 suspects from Spain, Argentina, Italy and Romania who were targeting customers in South America with illegal spam-virus combos.

According to Alex Shipp, senior anti-virus technologist at MessageLabs, the banking system in South American countries is generating a lot of interest in Internet banking, even more so than in the United States or Europe.

"This makes online banks a prime target for the high-tech gangs operating in the region who can get rich quick by selectively targeting local economic interests," Shipp said.

One tactic used by the spammers and virus writers is sending virtual postcards. In Brazil there is a massive craze for virtual-postcard sites, which allow people to send e-cards to loved ones and friends.

Shipp said, however, that these sites also provide an easy social-engineering opportunity for criminals wanting to steal users' confidential details.

"By tricking victims into downloading a Trojan instead of an electronic postcard, they can then start to monitor internet traffic with the goal of stealing usernames and passwords," he said.

Copyright 2005 by United Press International

Explore further: Greenland darkening to continue, predicts CCNY expert Marco Tedesco

Related Stories

US turns to rewards in hunt for overseas cyber criminals

Mar 19, 2015

The FBI considers Evgeniy Bogachev one of the world's most prolific and brilliant cyber criminals, slapping his photos—bald, beefy-faced and smiling faintly—on "Wanted" fliers posted online. The Russian ...

Clinton ran own computer system for her official emails

Mar 03, 2015

The computer server that transmitted and received Hillary Rodham Clinton's emails—on a private account she used exclusively for official business when she was secretary of state—traced back to an Internet ...

Poor decision-making can lead to cybersecurity breaches

Feb 17, 2015

Recent high-profile security breaches, such as those at Target, Anthem Inc. and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences.

Microsoft No-IP takedown to strike malware draws protests

Jul 01, 2014

Microsoft on Monday staged a takedown of two malware families abusing no-IP services but, in the mission to take down the botnets, legitimate servers depending on dynamic domain name services from No-IP were, ...

Recommended for you

World's first 5G radio channel model

45 minutes ago

While the next mobile network generation – 5G – is yet to be fully realised, the EU has committed itself to ensuring that European businesses and services are able to take full advantage when this new ...

How to alert drivers to fatigue

2 hours ago

Frank Black is a professional truck driver, having clocked up nearly three decades travelling the breadth of Australia. But every time he gets into his cab, Black thinks about driver fatigue; over the years ...

Protecting our rights to privacy and digital dignity

2 hours ago

How many of us read the terms and conditions when signing up to a social media account or downloading a new app? And does agreeing to these rules offer us any real protection from big business looking to ...

Energy-tracking app encourages sustainable behaviors

3 hours ago

For a generation motivated by technology and fast-moving information, a professor at the University of Wisconsin-Madison has created an energy-tracking app to make reducing day-to-day energy usage more accessible.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.