Feeds

Viruses, phishing, and trojans for profit

Malware is big money

Choosing a cloud hosting partner with confidence

Comment Following the 2006 International Virus Bulletin Conference, Kelly Martin takes a look at the profit motives of the cyber criminals behind modern viruses, targeted trojans, phishing scams, and botnet attacks that are stealing millions from organisations and individuals.

Virus Bulletin 2006, the international virus conference, was held in Montreal this year. Just a few weeks ago I was fortunate enough to attend many of the presentations, which ranged from topics of targeted trojan attacks, botnets and new methods of botnet coordination, to the growing criminal element behind viruses. It's sometimes shocking to see how much the virus world has changed in the last few years. I'd wager that if there was just one overall theme of the conference, it was about criminals and the new profit motive behind today's malware. Long gone are the days when viruses were made by hackers just for fun.

My favorite quote taken from the excellent, low-key conference was during a panel discussion on fighting cyber crime: "If anyone in the audience is a member of organised crime, please raise your hand." [laughter]

There's big money on the criminal side of viruses these days. The past two or three years has seen a dramatic rise in for-profit virus activity at every level, from the people running botnets and making money off spyware to widespread phishing attacks and various trojans that encrypt a user's data and request a ransom. There are countless viruses that are used to send out a very large amount of spam, which is quite profitable. There's money laundering and organised crime involved, because the dollar amounts are becoming huge. And then there's the whole range of aggregate identity and credit card theft plus the targeted trojans that can be used to steal millions of dollars from just one company. Money, money, and viruses. The situation is getting pretty grave, indeed.

I'd like to look at the profit motive in some detail, to understand this dangerous new trend. First allow me to lump together the myriad of today's for-profit virus threats into just two camps, for the purpose of this column: those threats that target the Little Guy, like individuals and individual organisations (via targeted trojans, general trojans, rootkits and targeted hacking), and those amalgamated threats that target Big Populations (via botnets, tonnes of spam, and spyware). The virus folks behind both camps seek to steal money, information and identities. But they work in different ways.

Scammers and spammers work on the aggregate

Attacks against Big Populations tend to skim a little bit of money off many people. A teenager or young adult controlling a botnet can make a six figure income, from between just a few hundred dollars to many thousands of dollars each month.

They install spyware on the infected machines in the botnet, and sleazy spyware companies pay them real money for it. They also sell access to the botnet for spamming, and they make money from this by the hour. They can also point their botnet at a casino, poker, or porn website and extort money from the owners by threatening to issue a Distributed Denial-of-Service attack, which would take the company offline.

Or, they can just log everything on the thousands (or hundreds of thousands, or even millions) of machines in a typical botnet, aggregate the logs up and sell them by the megabyte. Inside those logs might be credit card numbers, online banking passwords, Social Security Numbers, and much more. Many botnet owners don't yet focus on this, as they are more interested in stealing a little bit away from everyone.

I think it's fair to say that the criminals running botnets, until a few years ago, didn't realise the kind of power they had. I'd argue that they still don't, as there is a treasure trove of information on each machine that is not being mined to its fullest. But the day is coming.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.