Security threats Toolkit

Organised crime behind Sobig - virus expert

Tags:
Organised Crime,
Anti-virus Expert,
Peter Simpson,
ThreatLab At Clearswift

Will Sturgeon silicon.com

Published: 22 Aug 2003 14:10 BST

A leading antivirus expert has voiced concerns that users and organisations are going to be so busy worrying about the sheer size of the Sobig infection that they will "take their eyes off the ball" in terms of the real threat.

Peter Simpson, manager of ThreatLab at Clearswift, warned that antivirus companies and the media have become so obsessed with the unprecedented numbers surrounding the prolific Sobig.F variant that the real dangers are going almost unnoticed.

Simpson warned that Sobig.F is the latest in a series of forays into the digital world by organised criminals looking to make a move online.

"Sobig smashed all the records in terms of pure numbers, but that's not nearly the whole story," said Simpson. "This is the sixth in a series of controlled experiments. This isn't about some kiddy writing viruses in his bedroom -- this is really a very sophisticated example of organised crime."

And he believes there may be far worse to come.

Simpson explained that the purpose of getting Sobig onto the computer is not to cause damage or purely to drive wide and rapid spread, but to gain control of machine, by downloading a Trojan and gain access to information such as bank details for the purpose of fraud. Such tactics effectively hand control of the machine over to the virus writer.

It will also enable unscrupulous marketers to disguise the source of spam by abusing victim's computers and identities.

Simpson suggested this latter factor is one of the main motivators for organised criminals, who are combining the twin threats of spam and viruses for mutual gain. Spammers have seen increased awareness and filtering eat into their bottom line and are now having to come up with more advanced ways of getting their message across.

"The real question here has to be about the motives of the virus writer," said Simpson. "This isn't just about writing a virus that will spread rapidly and break records; the motives here are very different and are clearly criminal"

"It's all about the hidden agenda," he added.

Clearswift is also warning that home users still represent a serious threat to businesses with the increase in virus activity.

With teleworking on the increase, and home security often less watertight than security within an organisation's own four walls, Simpson warned companies to be aware that home users can represent their "Achilles heel".