[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Cybercrooks ramp up against antivirus firms -- and each other
By Tom Espiner
April 4, 2006
Cybercriminals are increasingly fighting each other, as well as
antivirus vendors, in pursuit of illegal gain, Kaspersky Lab has
The antivirus provider said Tuesday that as profits from cybercrime
grew in 2005, criminals increasingly tried to prevent antivirus
providers from developing protection against the latest threats.
"Honeypots," or lightly protected systems set up to collect samples of
malicious software for antivirus companies, were a prime target,
Criminals can use legions of compromised "zombie" computers, called
"botnets," to bombard honeypot networks with data to hinder or stop
them working, according to Kaspersky's "Malware Evolution: 2005, Part
2" report, published Monday.
"If the bad guys are aware of a network that looks suspicious because
it's too unprotected--to lure bad code--they can take steps like
launching (distributed denial-of-service) attacks against that
honeypot network. They can then launch other attacks simultaneously
(against other targets)," said David Emm, senior technology consultant
Worms can also be programmed to avoid domains known to be monitored by
"Criminals will employ whatever evasive techniques they can," Emm
In 2005, cybercriminals increasingly used techniques such as creating
their own packing mechanisms to compress malicious code, so that they
could try to avoid detection by antivirus software. Creators of
malicious software also now routinely include code that will try to
either disable antivirus updating mechanisms on infected machines or
remove antivirus software completely, Emm said.
Cybercriminals are also increasingly targeting one another to maximize
financial gain, according to Kaspersky's research. "It's like any kind
of economic venture. Those that get smarter survive. Organized
criminal structures are run as businesses, and they take over smaller
guys," Emm said.
Kaspersky also said that cybercriminals often launch distributed
denial-of-service attacks against rivals to stop them from operating,
and they attempt to hijack each other's botnets. They also program
their software to attempt to disable any other malicious software that
has already been installed on an infected PC.
"Criminals have realized that it is much simpler to obtain already
infected resources than to maintain their own botnets or to spend
money on buying parts of botnets which are already in use," Yury
Mashevsky, a virus analyst at Kaspersky, said in the report.
Kaspersky also reported that it had detected a five-fold increase over
2005 in the amount of malicious software designed to steal financial
Tom Espiner of ZDNet UK reported from London.
Donate online for the Ron Santo Walk to Cure Diabetes