Home / World Business
Mon, Nov 29, 2004 - Page 12 News List

Virus writers look to turn a profit

THE GUARDIAN , LONDON

The shady world of the virus writer is changing. Programmers of computer viruses used to do it for fun, out of intellectual curiosity, or just bloody-mindedness, infecting computers with malevolent code because they could.

But now there are worrying signs that virus writing has evolved into a lucrative industry, with spammers, mobsters and blackmailers in on the act.

"What we've seen in the past 18 months or so is a shift in the way viruses work," says Graham Cluley, senior technology consultant at Sophos, the UK-based anti-virus company. "It's all about money."

Yesterday's viruses carried isolated payloads, which could be anything from displaying a benign message on the screen to wiping your hard drive. Once the payload had been delivered and the virus had copied itself to another machine, its work was done.

Today's malware is often different: it creates a back door on a PC, enabling hackers to control it over the Internet and use it for nefarious purposes.

"Zombies," or "bots," PCs that have been infected in this way, are being used to make money for a new generation of criminal, explains Alex Shipp, senior anti-virus technologist at MessageLabs.

For example, "the hackers will change the phone number your PC's modem dials to dial an expensive number and make money for them. If you are using broadband, that's even better, because you have a fast connection to the Internet. They can use your computer to send out spam and charge people for the service."

Spammers prefer to send unsolicited commercial email from compromised machines on "botnets" because it makes it more difficult for recipients to block the mail, and it protects the spammers' servers from being tracked and shut down. Networks of tens of thousands of Windows PCs are used for such purposes.

Telenor, an ISP, recently shut down a 10,000-strong botnet of computers controlled over the Internet Relay Chat (IRC) network.

Once a team of virus writers has grown its botnet to a sufficient size, it can sell it as a resource.

Sales of "botnet time" between criminals are often conducted through covert negotiations on IRC, the very mechanism used to control the botnets.

Internet worms are now becoming increasingly sophisticated in their attempts to recruit desktop PCs into botnets.

One of the latest, Bofra, sets up its own Web server on an infected PC and then e-mails its address to contacts in the PC's e-mail address book. When recipients click on the e-mail -- which has no virus inside it -- they are taken to the infected PC, which in turn tries to infect their computers.

Each infected computer listens on the IRC network for hackers that want to take control of it.

The spread of Bofra has been limited, and corporate machines are unlikely to be infected by it because of weaknesses in the way it works.

However, that doesn't matter, says Pete Simpson, Threatlab manager at Clearswift, an e-mail security software company.

"It's the unprotected PCs -- the soft underbelly of the Internet -- that have been infected," he said.

"These crooks are not interested in collecting owned corporate PCs. They are gathering a free resource that can be sold on for spamming attacks," he said.

The sort of people who use Windows PCs that have not been patched with recent updates, including SP2, and who don't have firewalls, are also the ones who may not notice their PC is being used for spamming, and won't know how to respond.

This story has been viewed 3531 times.
TOP top