Feeds

Viruses, phishing, and trojans for profit

Malware is big money

SANS - Survey on application security programs

Comment Following the 2006 International Virus Bulletin Conference, Kelly Martin takes a look at the profit motives of the cyber criminals behind modern viruses, targeted trojans, phishing scams, and botnet attacks that are stealing millions from organisations and individuals.

Virus Bulletin 2006, the international virus conference, was held in Montreal this year. Just a few weeks ago I was fortunate enough to attend many of the presentations, which ranged from topics of targeted trojan attacks, botnets and new methods of botnet coordination, to the growing criminal element behind viruses. It's sometimes shocking to see how much the virus world has changed in the last few years. I'd wager that if there was just one overall theme of the conference, it was about criminals and the new profit motive behind today's malware. Long gone are the days when viruses were made by hackers just for fun.

My favorite quote taken from the excellent, low-key conference was during a panel discussion on fighting cyber crime: "If anyone in the audience is a member of organised crime, please raise your hand." [laughter]

There's big money on the criminal side of viruses these days. The past two or three years has seen a dramatic rise in for-profit virus activity at every level, from the people running botnets and making money off spyware to widespread phishing attacks and various trojans that encrypt a user's data and request a ransom. There are countless viruses that are used to send out a very large amount of spam, which is quite profitable. There's money laundering and organised crime involved, because the dollar amounts are becoming huge. And then there's the whole range of aggregate identity and credit card theft plus the targeted trojans that can be used to steal millions of dollars from just one company. Money, money, and viruses. The situation is getting pretty grave, indeed.

I'd like to look at the profit motive in some detail, to understand this dangerous new trend. First allow me to lump together the myriad of today's for-profit virus threats into just two camps, for the purpose of this column: those threats that target the Little Guy, like individuals and individual organisations (via targeted trojans, general trojans, rootkits and targeted hacking), and those amalgamated threats that target Big Populations (via botnets, tonnes of spam, and spyware). The virus folks behind both camps seek to steal money, information and identities. But they work in different ways.

Scammers and spammers work on the aggregate

Attacks against Big Populations tend to skim a little bit of money off many people. A teenager or young adult controlling a botnet can make a six figure income, from between just a few hundred dollars to many thousands of dollars each month.

They install spyware on the infected machines in the botnet, and sleazy spyware companies pay them real money for it. They also sell access to the botnet for spamming, and they make money from this by the hour. They can also point their botnet at a casino, poker, or porn website and extort money from the owners by threatening to issue a Distributed Denial-of-Service attack, which would take the company offline.

Or, they can just log everything on the thousands (or hundreds of thousands, or even millions) of machines in a typical botnet, aggregate the logs up and sell them by the megabyte. Inside those logs might be credit card numbers, online banking passwords, Social Security Numbers, and much more. Many botnet owners don't yet focus on this, as they are more interested in stealing a little bit away from everyone.

I think it's fair to say that the criminals running botnets, until a few years ago, didn't realise the kind of power they had. I'd argue that they still don't, as there is a treasure trove of information on each machine that is not being mined to its fullest. But the day is coming.

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.