- The Washington Times - Sunday, September 19, 2004

Tech-savvy criminals increasingly are using large networks of computers to spread viruses, send spam and steal sensitive information, according to a new Internet threat report scheduled to be released today.

Symantec, an Internet security firm in Cupertino, Calif., warned of a dramatic rise in the number of computers taken over by “bot” networks, which allow scam artists to automatically start widespread Internet attacks from their own computers. The number of machines infected this way rose from about 2,000 per day at the beginning of the year to an average of 30,000 per day by June, the company said.

“We’re seeing a land grab of vulnerable systems,” said Brian Dunphy, Symantec’s director of global analysis. “[Criminals] are becoming a little bit more organized. Rather than just sending a worm out to run around the Internet, they’re becoming more controlled about how they get control of systems.”

Internet experts blamed an attack from a large “bot” network for a broad outage in June of several major Web sites, including those of Akamai, Apple, Microsoft and Yahoo.

Symantec said the “bot” networks are becoming common because they allow criminals to take control of more systems and collect more personal data from those machines. The rights to use those compromised machines are often sold to fellow criminals for hundreds, if not thousands, of dollars.

Cybercriminals are motivated by money, unlike in the past when they wrote viruses and worms simply for the challenge and bragging rights, Mr. Dunphy said.

Most of the recent viruses and worms, such as the recent Blaster and Slammer viruses, contain programs commonly called “Trojan horses” designed to collect financial data such as credit card or banking numbers off a computer.

Security experts warned the Federal Trade Commission about bot networks in April, during an agency-sponsored Internet security forum. Roger Thompson, a vice president with British Internet security firm Pest Patrol, told the FTC that such networks were “massive” and “built up around the world.”

“There are these things called bot farms, some people call them bot armies,” Mr. Thompson said. “Nobody really knows who is doing it … they have turf wars trying to take over each others’ farms. It’s very routine to log into one of these bot farm controllers and find there is 1,000 or 2,000 [computers] locked in at any moment.”

The majority of all Internet attacks are directed at computers using operating systems created by Microsoft, the world’s largest software developer. Symantec reported 4,496 new Windows viruses and worms during the first six months of 2004, a 450 percent increase from a year earlier and more than twice as many as in all of 2003.

Vulnerabilities in Microsoft’s systems are found on an almost daily basis, and virus writers have proven they can develop ways to exploit those vulnerabilities quickly.

Once a vulnerability is announced, a code to exploit that vulnerability usually appears in less than six days, Mr. Dunphy said.

He said the ability of cybercriminals to work quickly has hurt larger businesses, which take between 45 and 60 days to update their machines to protect against viruses and worms.

Microsoft has encouraged its users to download software patches to fix vulnerabilities and recently released a product called “SP2” to protect against the latest threats to its XP operating system.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide