Cyber crime spreads its viruses

“It was a very good year for the cyber criminal”. That is the depressing conclusion given by Guy Bunker, chief scientist at Symantec, on the basis of his company’s Internet Security Threat Report for EMEA 2008. “They had a productive time, creating 60 per cent of all known malware in one year.”

This explosion in activity reflects the commercialisation of Internet attacks, with the origins moving from amateur hackers to organised crime. Even the basic components are now being sold like legitimate products. “One of the phishing toolkits is responsible for 14 per cent of all phishing on its own,” notes Bunker. It can be bought for a couple of dollars.

“People leave their computers on all the time with broadband. That becomes a valuable asset to cyber criminals who seize computing power,” he says. One advantage for criminals of this usage pattern is the ability to send millions of phishing emails from a single hijacked system, rather than having to gain control of multiple computers.

There were some successes in the battle against Internet fraud. The closure of a number of “cyber crime-friendly” ISPs led to a decrease of between 50 and 70 per cent in overall spam volumes. But new hubs for criminal Net activity have developed in Russia, Poland and Brazil from where attacks can be launched remotely.

The UK suffers most from the use of back doors and Trojans, something Bunker puts down to the way cyber criminals look for vulnerabilities and then exploit them rigorously until they are closed. “They will use a technique in one region, then when it gets shut down, they move onto somewhere else,” he says.

Patches are usually developed in less than one week from detection of a worm or virus. With the explosion in multi-media online, however, it has become easier for cyber criminals to get Net users to download an attachment without checking it. Many users of computers in the workplace switch off anti-virus software in order to enable their access to such content, thereby leaving themselves open to attack.

Last year’s Brisv worm modified multimedia files to open malicious URLs in this way and was the top new piece of malware reported in 2008. Worryingly, 87 per cent of confidential information threats had remote access capabilities, although this was down from 94 per cent in 2007.

“Companies need to review their security policies to ensure people can’t switch off anti-virus applications and create vulnerabilities. The other thing they need to look at is smart phones,” adds Bunker.

“A lot of computers have Web-enabled applications that give access to smart phones. If you run a report on your top 100 customers and their credit card details using that device, that is of very high value for cyber criminals,” says Bunker. Blackberries and iPhones could be compromising corporate firewalls.

To assess Internet security risks, Symantec monitors 750,000 servers in 200 countries, allowing it to watch how a particular technique gets adopted from one country into another. Often the initial attack is trialled in a remote location, such as Peru, in the hope of testing it and then rolling it out before a security patch gets written.

The scale of the effort being applied to online criminal activity is sometimes bewildering. According to Bunker, 60 per cent of all the software written in Windows is malicious. “We use behavioural analysis to look at what an application is trying to do when it is installed,” he says. As soon as it acts improperly, such as linking to a phishing site, it is identified as malware and a security patch gets developed.

Looking at the trends for this year, Bunker believes it will prove to be a bumper one for cyber criminals. “Consumers in a down economy are looking to save money. Where do they go to do that? The Internet. That is what cyber criminals are planning to do, too – putting up offers to lure people in,” he warns.