July 6, 2005
Hackers Make Way for Criminals, Experts Say
AMSTERDAM -- Spotty teenage hackers who set off global email viruses are being replaced by serious online crooks whose stealth attacks don't make headlines but cause more damage, security software makers said on Tuesday.
"Two years ago we stayed up all night, concerned about a great mass-mailing worm," said Mario Juarez, a product manager at the security business unit of U.S.-based Microsoft.
"What you see more of are a variety of attacks that are carried out to make money, such as stealing credit card details or threatening a Web site with a denial of service attack unless it pays then money."
He spoke on the same day a 19-year old German man admitted in court he had written the Sasser computer worm.
In 2004 the worm knocked out an estimated one million computer systems among home users and companies by spreading on the ubiquitous Microsoft Windows operating system.
The U.S. computer giant has since had to close many open back doors in its software and fix other security holes. After issuing a series of patches, it claims its software is a lot safer now. More improvements are planned.
"Today in Outlook Express, if you click on a link, the virus program won't execute," said Detlef Eckert, senior director for trustworthy computing at Microsoft's European organization, referring to Microsoft's email software.
What helps is that consumers are better informed about viruses and worms and have become reluctant to open email attachments that may unleash a harmful computer program.
But the targeted robberies of individuals or small groups of people are more sophisticated than the mass-mailing worms that created only modest damage.
Some new viruses now infect Web sites and can then enter personal computers that are well protected, Eckert said.
"Very often, these customers don't know they are at risk, or even that they are being attacked," he said.
Other software security experts said there were fewer scares over mass-mailing worms this year but instead there was a sharp increase in the number of "Trojans" that can quietly obtain bank account details and passwords.
"We've seen many more Trojans. The more organized groups are aiming at targeted victims. And if you're an organized crime group, you don't want the headlines. You may be a lot more successful without them," said Graham Cluley, senior technology consultant for British anti-virus firm Sophos.
Cluley said it was too early to cry victory over mass-mailing viruses and the trend of real criminals hitting on select groups of users meant that Microsoft programs were no longer the default target.
Until now, teenage hackers aimed at Microsoft programs not only because they had security holes, but also because they run on 95 percent of all computers and were the best chance for a global spread of a virus.
However, if the main aim is to steal money, the criminal hackers would focus on the weakest link, which in the future may well be non-Microsoft programs, Cluley said.
The computer security experts do not expect there will ever be perfectly safe computers. The attraction of more online financial transactions was too appealing for criminals.
"The first lock attracted a lock picker," Juarez said.