[ISN] Cybercrooks ramp up against antivirus firms -- and each other

InfoSec News isn at c4i.org
Thu Apr 6 04:29:20 EDT 2006


http://news.zdnet.com/2100-1009_22-6057654.html

By Tom Espiner 
ZDNet (UK) 
April 4, 2006

Cybercriminals are increasingly fighting each other, as well as 
antivirus vendors, in pursuit of illegal gain, Kaspersky Lab has 
warned. 

The antivirus provider said Tuesday that as profits from cybercrime 
grew in 2005, criminals increasingly tried to prevent antivirus 
providers from developing protection against the latest threats. 
"Honeypots," or lightly protected systems set up to collect samples of 
malicious software for antivirus companies, were a prime target, 
Kaspersky said. 

Criminals can use legions of compromised "zombie" computers, called 
"botnets," to bombard honeypot networks with data to hinder or stop 
them working, according to Kaspersky's "Malware Evolution: 2005, Part 
2" report, published Monday. 

"If the bad guys are aware of a network that looks suspicious because 
it's too unprotected--to lure bad code--they can take steps like 
launching (distributed denial-of-service) attacks against that 
honeypot network. They can then launch other attacks simultaneously 
(against other targets)," said David Emm, senior technology consultant 
for Kaspersky. 

Worms can also be programmed to avoid domains known to be monitored by 
antivirus companies. 

"Criminals will employ whatever evasive techniques they can," Emm 
said. 

In 2005, cybercriminals increasingly used techniques such as creating 
their own packing mechanisms to compress malicious code, so that they 
could try to avoid detection by antivirus software. Creators of 
malicious software also now routinely include code that will try to 
either disable antivirus updating mechanisms on infected machines or 
remove antivirus software completely, Emm said. 

Cybercriminals are also increasingly targeting one another to maximize 
financial gain, according to Kaspersky's research. "It's like any kind 
of economic venture. Those that get smarter survive. Organized 
criminal structures are run as businesses, and they take over smaller 
guys," Emm said. 

Kaspersky also said that cybercriminals often launch distributed 
denial-of-service attacks against rivals to stop them from operating, 
and they attempt to hijack each other's botnets. They also program 
their software to attempt to disable any other malicious software that 
has already been installed on an infected PC. 

"Criminals have realized that it is much simpler to obtain already 
infected resources than to maintain their own botnets or to spend 
money on buying parts of botnets which are already in use," Yury 
Mashevsky, a virus analyst at Kaspersky, said in the report. 

Kaspersky also reported that it had detected a five-fold increase over 
2005 in the amount of malicious software designed to steal financial 
information. 

Tom Espiner of ZDNet UK reported from London.




