Criminals send malware levels soaring

Alice Lander and Graeme Wearden ZDNet.co.uk

Published: 04 Jul 2005 17:25 BST

Security firm Sophos has seen a dramatic rise in the number of viruses, worms and Trojan horses this year as more organised criminals turn to cybercrime.

The firm reported last week that it had detected 7,944 new pieces of such malware in the first six months of this year — almost 60 percent more than the same time last year.

The biggest growth was in Trojan horses — programs that can damage a user's files, steal information, or even create a backdoor that can be used to compromise that PC.

Trojans cannot self-propagate in the same way as viruses, so they have typically been less prevalent. According to Sophos, their increased popularity shows the extent to which the creation of malware is increasingly becoming the preserve of professional criminals.

"There's been a shift towards Trojans to make money," said Graham Cluley, senior technology consultant at Sophos.

The IT security landscape has changed over recent months, with credit card fraud gangs, virus writing gangs, spammers and malicious hackers becoming more closely entwined, added Cluley.

One factor may be the anti-spam legislation that has been passed in many countries. Although these laws have been condemned as toothless in some quarters, Cluley claimed the legislation has helped to educate users to avoid unsolicited mail. As such, spammers have been forced to widen their activities.

2005 has seen several high-profile instances of businesses being hit by cybercrime. Back in March, it emerged that police had foiled an attempt to steal £220m from Sumitomo Mitsui Bank using keystroke loggers.

The top 10 viruses detected by Sophos so far this year all took advantage of flaws in Microsoft products, as virus writers target what Sophos calls "the great unwashed public".

But attacks directed at specific organisations could also take advantage of problems in other software, warned Cluley.

"We're also seeing vulnerabilities in Linux, Unix and Mac software too. No-one's perfect," he said.

Today's cybercrime gangs
Who are these mysterious organised criminals who have taken to writing viruses and launching cyberattacks? Cluley cited three gangs who he said epitomised the threat.

Superzonda
Superzonda have been known to be a threat for at least the last two years.

The BBC reported in July 2003 that Superzonda operated 24 hours a day, seven days a week, all over the world. Cluley said of them: "Until recently they were sending 50 million spams a day, but recent anti-spam legislation has reined them in."

The BBC also reported that Superzonda used British Airways without its knowledge to host a Web site advertising Russian mail order brides.

HangUp
HangUp, based in Russia, is suspected of writing viruses that steal financial information.

Reports claim that they plant software bugs to steal passwords, and rent out huge networks to send out viruses and spam. HangUp allegedly has 4,000 members operating worldwide, including Americans, Brazilians, Britons, Russians, and Spaniards.

ShadowCrew
ShadowCrew were a massive underground network of criminals who bought and sold credit-card details, social security numbers and identification documents. They sold credit-card numbers, email accounts, passports, driver's licenses and student IDs, and were estimated to have caused over $4m (£2m) in losses for card issuers and banks.

However, the US Secret Service broke up the gang in 2004. Cluley said it was "great" that they had been smashed, but warned that "they are now fractured" so it could be hard to keep track of individual offenders.
