Viruses, Trojans and spam: the new joint venture

Gillespie, a senior security analyst with the Australian Computer Emergency Response Team (AusCERT), told ZDNet Australia that in the last year, while "we haven't seen a new giant worm like Blaster, we have seen a lot of convergence in viruses and trojans, providing a lot more remote access capability. The spammers appear to be joining forces with the virus writers. We're seeing a bit of a convergence with the malicious users out there on the Net -- sort of teaming up to further their goals."

According to Gillespie, it appears that people who are initiating financial fraud through online banking are "using the spammers to send their spam, and using target-written trojans installed on the computers to capture keystrokes. So all of these things that used to be off on their own are now teaming together."

And the motivation is clear. "If you can pay $1000 to a spammer to spam stuff out, that's easy money for them, same for a trojan writer who may have just been doing it for kicks. If you wave $1000 under his nose, hell -- they'll modify it however you want," said Gillespie.

The comments came as AusCERT prepares to start collating responses from its Computer Crime and Security survey, which is seeking participation from over 500 Australian public and private sector enterprises. Responses will be taken up to midnight on Monday 28 February.

The survey, which is run in conjunction with a host of Australian organisations concerned with high-tech crime and security, seeks to gain a better understanding of the extent, nature and impact of computer crime in Australia, as well as identify the most common computer network threats and raise awareness of computer security issues. The results are due to be released in May 2005.

Last year's survey, which targeted 17 private industry sectors and all tiers of government, found that "the average annual losses for electronic attack, computer crime or computer access misuse or abuse had increased to $116,212 per organisation," which was 20 percent more than the average for 2003.

The survey also found that 49 percent of organisations in 2004 "experienced electronic attacks that harmed the confidentiality, integrity or availability of network data or systems", as opposed to 42 percent in 2003. In addition, for the third consecutive year, infections from viruses, worms or trojans were the most common form of electronic attacks reported, and also the greatest cause of financial loss. Such attacks accounted for 45 percent of total losses in 2004, followed by laptop theft, and abuse and misuse of computer network access or resources.

Gillespie said that AusCERT is "expecting malicious code such as viruses, trojans and worms to remain as one of the top attack methods or attack trends that people will be seeing." Furthermore: "Most likely, laptop theft will remain as one of the top five as well, and of course it's possible, although I won't count on it until I see it, that we'll see an increase in financial fraud. Unfortunately, a lot of the financial fraud that we're seeing through bank scams and phishing is a personal home user kind of thing ... the organisations may not be seeing that yet."

Federal Agent Alastair MacGibbon, who is Director of the Australian High Tech Crime Centre said of the 2004 results that "Police agencies will find the survey useful because it highlights vulnerabilities; goes some way of quantifying the victim base; and because it gives us an indication of what businesses think and how they respond to IT security incidents."

And according to Detective Inspector Bruce van der Graaf of the Computer Crime Team, New South Wales Police, computer security is an issue for everyone, even those who simply have a PC in their own home. "There is no excuse to be using computers with known vulnerabilities, even for home users," said van der Graaf.

Gillespie certainly believes that end users are the weakest link in the security chain, however he pointed out that keeping up to date with computer security can be a bit overwhelming, saying: "If they're not aware of things, they may not understand the need for running anti-spyware as well as anti-virus, firewalls and everything like that. It can overload users quite easily."

Regarding future threats, Gillespie would not be drawn on what we are likely to see, but he pointed out that it just takes a different perspective or a minor change for new threats to emerge. "A lot of what we've been seeing will only have minor modifications, but it's possible that someone will look at something slightly differently," he said.

AusCERT is being supported in its efforts to produce the 2005 survey by the Australian High Tech Crime Centre and the Australian Federal Police as well as police organisations from every Australian state and territory. In addition the survey is being sponsored by the Australian Government's Attorney-General's Department and the Department of Communications, Information Technology and the Arts.

AusCERT has also announced that registration for its Asia Pacific Information Technology Security Conference is now available.