Organized Crime Invades Cyberspace
Once the work of vandals, viruses and other malware are now being launched by criminals looking for profits.
Computerworld - Antivirus researchers have uncovered a startling increase in organized virus- and worm-writing activity that they say is powering an underground economy specializing in identity theft and spam.
"The July outbreak of MyDoom.O was yet another reminder that spammers are now using sophisticated, blended threats that mix spam, viruses and denial-of-service attacks," according to Andrew Lochart, director of product marketing at Postini Inc., an e-mail security services provider in Redwood City, Calif. In July alone, Postini's customers reported more than 16 million directory harvest attacks, which are attempts by spammers to hijack a company's entire e-mail directory.
The link between viruses, worms and the underground criminal economy, however, goes back to long before the latest version of MyDoom, says Mikko Hypponen, antivirus research director at F-Secure Corp. in Helsinki, Finland. Starting with the initial outbreak of MyDoom in January, Hypponen began to notice that what had previously been considered little more than a rogue virus-writing subculture actually had a significant link to organized efforts to use malicious code to make money.
"MyDoom got press coverage because of the denial-of-service attack it launched against SCO and Microsoft Corp.," says Hypponen. "But nobody was paying attention to what was happening behind the scenes."
And what was happening, according to Hypponen, was the beginning of a concerted, unabashed effort to turn virus and worm infections into cash.
Eight days after MyDoom.A hit the Internet, somebody scanned millions of IP addresses looking for the back door left by the worm, said Hypponen. The attackers searched for systems with a Trojan horse called Mitglieder installed and then used those systems as their spam engines. As a result, millions of computers across the Internet were now for sale to the underground spam community.
Image Credit: Anastasia Vasilakis
By the end of January, Internet users were busy dealing with the Bagle mass mailer. And although the first version wasn't particularly successful, at least a dozen variants soon followed, including variants that carried Mitglieder.
But the real clues that organized gangs were using Bagle and MyDoom to sell spam proxies -- as well as links to phony Web sites that exist only to harvest identities and personal financial information -- came when the writer behind Netsky.R posed a direct challenge to the so-called professional virus writers.
In addition to attempting to remove Bagle and MyDoom from infected computers, Netsky conducted a denial-of-service attack against Web sites known to be fronts for identity thieves, according to Hypponen.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!