If 2003 was the worst year in the history of the computer industry for viruses and spam,
hold onto your hat. This year, according to security experts, is setting up to see the
malicious problems that appeared last year grow and fester into major security problems for
2004.
The malicious marriage of spam and viruses. Virus writers working to make a buck instead of
making a name for themselves in the black hat world. Spam and viruses becoming more of a
heightened security issue than ever before.
These are just some of the predictions from the anti-virus and anti-spam community for the
coming year. They’re all problems that got a foothold in 2003. And from what the security
experts are saying, these problems will only mature and expand in the new year.
”Yes, I definitely see a continuation of the same for this year,” says Scott Olson, a
senior vice president with Austin, Texas-based WholeSecurity, an anti-virus company that
focuses on trojans and backdoors. ”Without a doubt we’re going to see more and more
evolution in these viruses… The damages from these types of attacks are becoming more
real. Companies are losing a ton of money because of down time on their networks, and
intellectual property theft. And customers are becoming victims of identity theft through
faked emails and Trojan horses.”
Viruses and worms caused a lot of damage in 2003. Computer Economics Inc., for instance,
estimated that the SoBig virus cost businesses more than $1 billion in losses, while mi2g, a
security and digital risk management company based in London, placed costs at a whopping
$36.1 billion when losses in productivity and business were factored in. With the MSBlaster
worm, it was hard to calculate a final damage cost but Computer Economics took a stab and
figured that the damages rang in at $500 just within the first few days of the virus’
release.
Beside the increase in financial damage, there were a few major turning points in the virus
world last year.
First off, there was a change in motive. For years, virus authors wrote malicious code
because they wanted the prestige, the name recognition, in their underground community.
Authoring a major virus, one that got worldwide attention or crippled a major company’s
network even for a few minutes, brought underground glory.
But last year, black hats began writing malicious code aimed at lining their wallets, not
their trophy rooms. Viruses dropped Trojans and opened back doors so the author could pilfer
critical information, like user names, passwords, Social Security numbers and bank account
information.
That made the game more dangerous, more malignant. Instead of crashing a computer for a few
minutes or leaving a sarcastic message on a Web site, people were in danger of losing their
life savings.
And as that change was happening, another one was coming to light.
Virus writers were teaming up with the security community’s other arch nemesis — spammers.
Think of the mess. Overnight, spam went from pitching Viagra and get-rich-quick schemes to
tricking hapless email users into hanging out their critical financial information. The
spammers were ‘phishing’ for financial information, and the virus writers were helping them
do it.
”It’s not so much about boasting that someone wrote a virus anymore, or getting your name
out as a hacker,” says Steve Sundermeier, vice president of products and services at
Central Command, an anti-virus company based in Medina, Ohio. ”It’s more about committing
these white collar crimes. They’re obtaining credit card information and then it becomes a
clear cut crime… I personally see more of this happening this year.”
Many analysts also say that viruses and spam are no longer the realm of the techies alone.
With money to be made, organized crime is increasingly getting in on the game. And that is
upping the ante for those being baited into divulging their critical information, and for
those fighting the problem.
And Sundermeier says that means anti-spammers and those in the anti-virus community are
increasingly working with law enforcement.
”There’s definitely going to be a lot of migration between the anti-virus industry and law
enforcement and the FBI,” he adds. ”We saw this start with Microsoft putting a bounty on
hackers’ head. We saw the arrest of the guy who wrote the Blaster variant. You’ll see a lot
more collaboration between anti-virus and law enforcement.”
And with people’s life savings or livelihoods on the line, there’s more pressure on the
security community to be swift and sure in their work.
”It’s kind of sad, but there’s a new reality to it,” says Sundermeier. ”Not only do we
feel more important but it’s a lot of pressure and added stress on us to turn around these
virus signatures. If we have code for a new variant of Sobig… now we’re talking about
people’s livelihood and huge financial loss. It’s more stressful.”