December 29, 2008

2008 A Big Year For Cyber-Thieves

If 2007 saw the rise of professional cyber-thieves, then 2008 was the year they perfected their work.

"The underground economy is flourishing," said Dan Hubbard, chief technology officer at security firm Websense.

"They are not just more organized," he told BBC News, "they are co-operating more and showing more business savvy in how they monetize what they do."

Data collected by companies fighting high-tech crime show just how busy professional high-tech criminals have been during the past year.

Sophos reports that it now sees more than 20,000 new malicious programs every day. Meanwhile, 2008 was the first year in which Symantec's anti-virus software protected against more than one million viruses. Such viruses first appeared more than two decades ago, but the majority of that million-plus total have been created in the last two or three years, most of them targeting Windows PCs.

There are two reasons criminal cyber-gangs generate so many viruses. First, creating many variants of the same virus can confuse anti-virus software, whose signatures are tied to specific samples. Second, staging a series of small outbreaks can often avoid detection, because anti-virus vendors tend to focus on large outbreaks.

A separate Sophos statistic reveals the changing tactics of cyber-criminals. Prior to 2008, the preferred method of attack was a malicious attachment sent via e-mail, often with pornographic, provocative or personal subject lines to trick recipients into opening it. Those who did so risked having their home computers hijacked and turned over to cyber-thieves.

However, according to Sophos' Graham Cluley, the main attack strategy began to change this year. Increasingly, criminals sabotage Web pages by injecting malicious code into them, compromising the computer of anyone who visits.

By year-end, he said, Sophos was discovering a newly infected Web page roughly every 4 seconds.

The type of page being compromised had also changed, Cluley added. Before this year, it was primarily pornographic, gambling and pirated-software sites that unknowingly hosted such malicious code. This year, however, cyber-thieves turned instead to mainstream sites with large audiences.

Mikko Hypponen, chief research officer at F-Secure, said 2008 was the year in which many cyber-gangs became more sophisticated. He cited the virus known as Mebroot as a good example.

"We saw it very early in the year and it continues to be a very complicated case," he told BBC News, referring to Mebroot's built-in bug-reporting system. Whenever Mebroot is detected or malfunctions, it sends a report to its creators, who then release a new version with the bug fixed.

"It's amazing that the bad guys were capable of pulling this off," added Mr. Hypponen.

Websense's Dan Hubbard said 2008 was also significant in that some high-tech criminals turned away from viruses altogether and instead embraced a different way to make money.

For instance, he said, many were creating bogus security programs that looked legitimate but were not. Once installed, they appear to conduct a detailed scan of the computer and always "find" many instances of spyware and other malicious programs.

Removing these supposed infections with the phony security programs always involves a fee, said Mr. Hubbard.

"They are testing legal boundaries that are a grey area right now."

In mid-December, the US Federal Trade Commission (FTC) won a restraining order to shut down several firms that operated these so-called "scareware" scams. However, that is likely too late for the up to five million people who have already fallen victim to the scam, according to research by Israeli security firm Finjan.

A U.S. court also granted the FTC an injunction that stopped those behind the phony software from advertising their products or making false claims about their capabilities. The injunction also froze their assets in the hope that victims could be refunded any fees they had paid.

There were other big successes against cyber-criminals this year. In mid-November, the volume of spam plunged worldwide after the closure of the internet service provider McColo.

This and other successes, Hypponen said, were due primarily to action by ISPs, the media and other network-related firms rather than by law enforcement. The international nature of high-tech crime makes it difficult for law enforcement to conduct investigations and make arrests quickly.

"The vast majority of these cases do not seem to go anywhere," he said.

However, despite all the successes in fighting cyber-crime, Mr. Hypponen said 2008 was a very good year for the criminals.


On the Net: