'Clean up this Internet effluent now'

Jason Curtis ZDNet Germany

Published: 07 May 2004 16:10 BST

Security experts claim that a new generation of malicious code seems to specifically target business and industry, and that a connection exists to organised crime. What evidence is there to support this?
The connection to organised crime can be seen specifically in two areas. The first is the already mentioned convergence between spam and viruses. What we're now seeing is that spammers are essentially bankrolling virus writers -- or people who are capable of writing viruses -- to harvest very large networks of zombie machines that can then be used to send huge quantities of spam or launch denial-of-service attacks. What is really linking the spammers to organised crime directly is the recent "phishing" attempts that we've seen and the way in which the money is subsequently being laundered. These are techniques that have existed in organised crime for a very long time. When someone actually tries to follow the money to see what happens financially, the way the money gets moved around definitely hints at people that are very familiar with laundering money in this kind of way.

The second, slightly more tenuous point is that the areas where the attacks, i.e. the Web pages, are hosted are areas that have been associated with organised crime in the past. Specifically we have seen a lot of "phishing" Web sites hosted in Russia.

What are governments currently doing to control the Internet and what might they do in the future?
Certainly I think since we've crossed the threshold of more than 50 percent of all mail being spam, it shows that things are getting out of hand in the absence of a good filtering solution. The trouble is that the laws both here in Europe and in America are slightly out of touch with practicality in terms of the way they work -- certainly in the US, where the laws have potentially created more confusion than they've actually helped. With the opt-out approach they have actually endorsed the concept of a user opening an unsolicited mail in order to then unsubscribe from it. The fatal flaw, of course, is that the law assumes that the spammers are scrupulous, which we definitely know not to be the case. I don't think legislation should ever be viewed as a magic bullet type solution.

Going forward, the way that this problem will really be solved is to move filtering to the Internet level, where the scale and the speed of updates mean that you can do a much better job, especially when you look at the home-user market, where the task of filtering is being placed on the end user. This is really the wrong place to put it; it's not the end user's core competence.

Currently, many ISPs are allowing all Internet traffic to simply flow through completely unfiltered, which is akin to a water authority pumping out raw sewage to its customers and leaving it to them to fend for themselves. Advanced scanning needs to be shifted upstream to the Internet level, where it is possible to be proactive as opposed to reactive. Governments really need to put additional pressure on the ISPs to take ownership of the problem, and to filter the connections that they are providing to businesses and to home users.

Spam and viruses are often mentioned in the same context, and there is much talk about the so-called "blended threats". Is spam then more than just a nuisance? How does it fit into the big picture?
One of the main reasons that you hear about spam so regularly now is that spam is a daily problem, whereas viruses tend to be not quite so much in people's faces so immediately. Spam and viruses are very much mentioned interchangeably now since we've seen the convergence where the purpose behind many viruses is ultimately the proliferation of more spam. Generally, consumers or businesses tend to trust their antivirus partners and are now turning to them to ask how they can help them with their spam problem.

 
