Virus writers shifting focus from causing havoc to making money.

Yet more reasons to make sure you keep your virus scanner updated and your system patched.

The trend among virus writers these days is a move away from causing havoc and destruction for notoriety and toward infecting and commandeering PCs as a means of making money. How? By offering up networks of infected machines for everything from spreading SPAM to hosting scammers’ webpages. It’s estimated that a third of all the SPAM currently circulating on the Internet is sent by or relayed through PCs that have been taken over by these Trojan programs, and the virus writers are slowly increasing the sophistication of their creations by borrowing some ideas from the Peer-to-Peer networking crowd:

Hackers steal from pirates, to no good end | CNET News.com

Joe Stewart, a computer expert at Lurhq, a security company based in Chicago, said that he discovered this new phase in the evolution of Trojan horse programs while taking apart a program called Backdoor.Sinit, which has been circulating on the Internet since late September.

Sinit, Stewart said, does something unexpected: It uses the commandeered machines to form a peer-to-peer network like the popular Kazaa program used to trade music files. Each machine on the network can share resources and provide information to the others without being controlled by a central server machine.

“It’s like Kazaa only without all the pesky copyrighted files,” Stewart said. And, as the music industry has discovered, when there is no central machine, “these tactics make it impossible to shut down,” he said.

Computer security researchers have been watching the evolution of remote-access rogue programs as they have become more common and have put more machines under the control of hackers. Programs like Sinit infect target machines and surreptitiously open back doors that allow outsiders to control the PCs.

The rings of infected computers have been used to send spam, to present online advertisements for pornographic Web sites or to trick people into giving up information like credit card numbers.

The move to broadband appears to be increasing (even my parents have broadband now), and the number of people who leave their PCs turned on all the time is also growing. It’s also true that the majority of PC users are pretty clueless about patching their PCs and making sure their virus scanner is updated, let alone having a firewall installed. When you combine that with the trend by ISPs and webhosting companies toward cracking down on SPAM pushers and scammers, it’s no big surprise that the virus writers are suddenly hearing cash registers ringing in their ears.

The simple truth is that if you’re not at least learning enough about securing your system to make sure that, at a bare minimum, it’s fully patched and has a current virus scanner on it, then you’re just contributing to the problem. Especially if you’re leaving it on all the time and have broadband. Everyone likes to complain about SPAM and scammers, but few seem to realize they can help alleviate both problems just by securing their home PC.

5 thoughts on “Virus writers shifting focus from causing havoc to making money.”

  1. I would add another option, which is to lock down your network connection at the router.  Speaking for myself, I don’t bother with Microsoft’s auto-update, or virus scanners.  But I don’t have any problems with the guys in black hats, because almost all traffic from the outside world is blocked.  I run a grand total of two public services on my Linux router, and using firewall rules means knowing exactly what my exposure is.

    If someone’s not proficient enough to know which services are secure and/or harmless, they can always block incoming traffic entirely.  That works very well, assuming you can convince them not to run any random .EXE’s which get emailed to them.  Sometimes that’s hard to do.

  2. Just to add these other names for the same thing:

    BackDoor.Iterator (Dialogue Science)
    Backdoor.Sinit (NAV)
    Trojan.Win32.DirectPlugin.a (AVP)

  3. Certainly keeping Windows patched and a virus scanner updated isn’t the best of all solutions, but a lot of problems could be minimized if more folks did at least those two things. The average computer user out there doesn’t have the level of knowledge of many of us geeks, let alone the desire to learn that much about networking security, so the simpler the solution the better. Even then it’s obvious that these two relatively simple steps are more than what a lot of folks are motivated to do.

  4. Hey, Red Dwarf, I checked out your blog kind of accidentally (I don’t remember what I clicked on, but all of a sudden I was looking at your cats).  Cool cats, all of ‘em.

    PS.  I LOVE your photo montage of enduser “fixes.”  I fell out of my chair when I saw the “Duct tape fixes anything” one.  The credit cards in the floppy drive just made my brain completely lock up, though.  That had to be a setup.  No one’s THAT dumb! :chuckle:
