Organized Crime Invades Cyberspace
Antivirus researchers say a surprising increase in virus and worm activity is linked to an underground economy in identity theft and spam. F-Secure antivirus research director Mikko Hypponen says the connection is not very new, though until recently the writers were thought to be only a rogue subculture.
He says MyDoom was the start of a concerted effort to make money from virus and worm infections. Although the MyDoom worm gained notoriety for its denial-of-service attacks against SCO and Microsoft, the more significant activity was going on behind the scenes, when someone scanned millions of IP addresses for backdoors left open by the virus. A network was set up, ready to service the underground spam market.
F-Secure analysts decoding encrypted messages in a version of Bagle found warnings to the author of the Netsky.R virus. Bands of hackers, likely Russian immigrants living in different European countries, had been using Bagle and other malware to expand their spam proxy networks, but the Netsky.R author used the infection to clean out those spammers’ viruses and was running denial-of-service attacks against their front Web sites.
Symantec director Brian Dunphy says that a recent variant of MyDoom featured peer-to-peer networking capabilities that allowed the author to update infected machines and protect his network against rivals.
Viruses and worms are also being used to install Web servers on vulnerable systems; Web sites often sell subscription services on compromised computers. Some support identity theft rings, harvesting credit card and other information to sell underground.
Abstracted by the National Law Enforcement and Corrections Technology Center (NLECTC) from the Computerworld (08/30/04) Vol. 32, No. 35, P. 19; Verton, Dan.