Cybercrooks duel antivirus firms--and each other

Cybercrooks duel antivirus firms--and each other

Summary: Net criminals are fighting the good guys--and other bad guys--as they pursue more financial gain, Kaspersky Labs says.

SHARE:

Cybercriminals are increasingly fighting each other, as well as antivirus vendors, in pursuit of illegal gain, Kaspersky Lab has warned.

The antivirus provider said Tuesday that as profits from cybercrime grew in 2005, criminals increasingly tried to prevent antivirus providers from developing protection against the latest threats. "Honeypots," or lightly protected systems set up to collect samples of malicious software for antivirus companies, were a prime target, Kaspersky said.

Criminals can use legions of compromised "zombie" computers, called "botnets," to bombard honeypot networks with data to hinder or stop them working, according to Kaspersky's "Malware Evolution: 2005, Part 2" report, published Monday.

"If the bad guys are aware of a network that looks suspicious because it's too unprotected--to lure bad code--they can take steps like launching (distributed denial-of-service) attacks against that honeypot network. They can then launch other attacks simultaneously (against other targets)," said David Emm, senior technology consultant for Kaspersky.

Worms can also be programmed to avoid domains known to be monitored by antivirus companies.

"Criminals will employ whatever evasive techniques they can," Emm said.

In 2005, cybercriminals increasingly used techniques such as creating their own packing mechanisms to compress malicious code, so that they could try to avoid detection by antivirus software. Creators of malicious software also now routinely include code that will try to either disable antivirus updating mechanisms on infected machines or remove antivirus software completely, Emm said.

Cybercriminals are also increasingly targeting one another to maximize financial gain, according to Kaspersky's research. "It's like any kind of economic venture. Those that get smarter survive. Organized criminal structures are run as businesses, and they take over smaller guys," Emm said.

Kaspersky also said that cybercriminals often launch distributed denial-of-service attacks against rivals to stop them from operating, and they attempt to hijack each other's botnets. They also program their software to attempt to disable any other malicious software that has already been installed on an infected PC.

"Criminals have realized that it is much simpler to obtain already infected resources than to maintain their own botnets or to spend money on buying parts of botnets which are already in use," Yury Mashevsky, a virus analyst at Kaspersky, said in the report.

Kaspersky also reported that it had detected a five-fold increase over 2005 in the amount of malicious software designed to steal financial information.

Tom Espiner of ZDNet UK reported from London.

Topics: Networking, Apps, Data Management, Security, Software

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion