Organized crime has taken over from the kids when it comes to major online danger from viruses, spam and spyware, according to Vancouver-based corporate security vendor Sophos Inc.
   And that trend to more dangerous, inventive and financiallydamaging attacks on both corporate networks and individual PCs will continue to grow in 2005, the company said in a 2004 year-end report issued Wednesday.
   The British-owned company has its North American headquarters in Vancouver.
   “The nature of the game is really changing,” Sophos’ senior security analyst Gregg Mastoras said in an interview.
   “Years ago it was largely groups of people who wanted to impress their friends and demonstrate their capabilities, but now you see a financial incentive in all of these activities.”
   As an example of what’s lurking out there, Mastoras described what he called the Brazilian banking case, in which a virus lay dormant on the systems of PC users until they use their browsers to do online banking.
   He calls these the new online bank robberies.
   “Boom, you go to your bank’s website and all of a sudden the virus starts to collect information from logging your keystrokes,” said Mastoras. “It grabs your account number, your password and any other information and off it goes.”
   In another instance, added Mastoras, the virus would see you log on and pop up a screen that looks exactly like your bank’s website.
   “So the user says, well, it must be my bank because I typed in my usual URL,” said Mastoras. “But the screen says that the bank has some security concerns and could you please give us your name and account number to verify who you are.”
   It might also ask for your pin number.
   “And they take that and they grab it and run away.”
   Added to this are spam-based “phishing” attacks in which a thief pretends to represent a legitimate business in order to collect credit card numbers and personal identification.
   As well, the past year, according to the Sophos report, has seen alliances formed by spammers who need the help of virus writers to spread their massive e-mailings.
   “They basically pay virus writers to get them assets from which to launch their spam,” said Mastoras.
   And spammers have become increasingly more inventive in rotating their own domain names and hiding their domain owner information, said the report.
   “In the past 12 months the speed at which they use new techniques has gone from weeks to days and hours — soon it will be seconds,” said the report.
   The Sophos report also said that 40 per cent of spam now originates from PCs that have been hijacked by viruses.
   As well, Some worms have used armies of zombie computers to launch denial-of-service attacks against websites such as those of Microsoft, Kazaa, the British prime minister’s residence at 10 Downing Street and the Pakistani government.
   Mastoras said that while some virus creators — and there are now more than 90,000 viruses out there — do get arrested, those are largely the amateurs.
   One of these, 19-year-old German hacker Sven Jaschan, is accused of writing both the Netsky and Sasser worms, which accounted for 55 per cent of all virus attacks reported in 2003.
So far in 2004 there have been 10,724 new viruses identified, a 51.8-per-cent increase in virus creation over 2003
Jaschan, recently offered a job by a German security firm, is expected to appear in court early in 2005.
“When someone’s caught it’s a little bit of a surprise, because that means they’ve probably slipped up and done something to alert the authorities to where they are,” said Mastoras. “And that means they weren’t that sophisticated to begin with.”
   While Jaschan was responsible for two of the major viruses, most of them continue to come from the U.S., which spread 42.1 per cent of them in 2004.
   Canada came fourth with 5.7 per cent, outranked by South Korea in second place with 13.4 per cent and China (including Hong Kong) at 8.4 per cent.
   Surprisingly Jaschan’s home country of Germany produced only one per cent of viruses.
   While Sophos reports an increase in anti-virus and anti-spam legislation in 2004, Mastoras said that the company would like to see a formal worldwide framework where virus infections or spam can be reported easily.
   “We’ve had the experience where we’ve been able to identify some activity and yet when we contact the government or local police authorities they really don’t have the capability or, quite frankly, the interest, to capture this data or to follow leads,” said Mastoras.
   “If there were some central authority that could accumulate what’s happening out there and then formulate a legal attack [on it] you’d see a lot more criminals appearing in the newspapers and being put in jail and I’d think you’d see some reduction in virus and spam counts.
   Mastoras said that he never expects to see a magic bullet that can overcome viruses and spam, especially where the Windows operating system is concerned. “I think that no matter what you do, the virus writers are always going to get around it and they’re going to find the loopholes, so [fighting spam and viruses is] always going to be a challenge in that sense.”
   However, said Mastoras, there are two basic steps that can be taken to reduce the impact of the problem. One is to update anti-spamware and anti-virus software regularly. The other is to apply the security patches supplied by Microsoft.
   [email protected]

SOURCE: SOPHOS

VANCOUVER SUN FILES
A computer user downloads a patch to protect against the Blaster worm last year. Viruses are a threat to computers everywhere.