Cybercriminals are increasingly fighting each other, as well as antivirus
vendors, in pursuit of illegal gain, Kaspersky Lab has warned.
The antivirus provider said Tuesday that as profits from cybercrime grew in
2005, criminals increasingly tried to prevent antivirus providers from
developing protection against the latest threats. "Honeypots,"
or lightly protected systems set up to collect samples of malicious software for
antivirus companies, were a prime target, Kaspersky said.
Criminals can use legions of
compromised "zombie" computers, called "botnets," to bombard honeypot
networks with data to hinder or stop them working, according to Kaspersky's "Malware Evolution: 2005, Part 2" report, published Monday.
"If the bad guys are aware of a network that looks suspicious because it's
too unprotected--to lure bad code--they can take steps like launching
(distributed denial-of-service) attacks against that honeypot network. They can
then launch other attacks simultaneously (against other targets)," said David
Emm, senior technology consultant for Kaspersky.
Worms can also be programmed to avoid domains known to be monitored by
"Criminals will employ whatever evasive techniques they can," Emm said.
In 2005, cybercriminals
increasingly used techniques such as creating their own packing mechanisms to
compress malicious code, so that they could try to avoid detection by antivirus
software. Creators of malicious software also now routinely include code that
will try to either disable antivirus updating mechanisms on infected machines or
remove antivirus software completely, Emm said.
Cybercriminals are also increasingly targeting one another to maximize
financial gain, according to Kaspersky's research. "It's like any kind of
economic venture. Those that get smarter survive. Organized criminal structures
are run as businesses, and they take over smaller guys," Emm said.
Kaspersky also said that cybercriminals often launch distributed
denial-of-service attacks against rivals to stop them from operating, and they
attempt to hijack each other's botnets. They also program their software to
attempt to disable any other malicious software that has already been installed
on an infected PC.
"Criminals have realized that it is much simpler to obtain already infected
resources than to maintain their own botnets or to spend money on buying parts
of botnets which are already in use," Yury Mashevsky, a virus analyst at
Kaspersky, said in the report.
Kaspersky also reported that it had detected a five-fold increase over 2005 in the amount
of malicious software designed to steal financial information.
Tom Espiner of ZDNet UK reported from London.