Virus writing: It's a thieves' game

More than half of all malware on the Internet is an attempt to steal money from unwitting victims, a study published on Monday has found.

According to Symantec's Internet Security Threat Report, 54 percent of the 50 most common worms and viruses sent between July and December last year were written to steal money and identities from people. This compares to 44 percent for the first six months of 2004, and indicates that today's virus writers are motivated by financial reward rather than just being interested in disrupting IT systems.

"Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information," said Arthur Wong, vice-president of Symantec's Security Response Services.

Spyware such as keystroke loggers was probably used in last week's attempted robbery of Sumitomo Mitsui bank. Keystroke loggers work by recording what a person types and then transmitting that data back to a pre-determined location or person. Trojan horse programs can allow hackers to take remote control of PCs.

Identity theft emails, or phishing scams, that use social engineering tactics to con people into handing over banking details have also increased. Symantec detected 33 million phishing attempts per week in December 2004, which was an increase of 366 percent since July 2004, when a mere nine million were detected each week.

Those viruses and worms that aren't part of an attempt to steal money will typically only disrupt networks or IT systems, often by mass-mailing themselves to a user's contacts.