Attack of the Killer Bugs: Your computer could be hijacked by scam artists to send out spam and steal your bank account

Reuters Magazine, Jan/Feb 2004
By Andy Sullivan

Nestled among the strip malls and fast food outlets of suburban Virginia, the operations center for online security company Symantec buzzes with the intensity of a military command center. An eight-foot-tall satellite photo of the Earth spins slowly on a giant plasma screen, red and yellow numbers pinpointing the source of online threats. At rows of computer workstations, analysts monitor the firewalls and other online defenses Symantec maintains for banks and other Fortune 500 firms, their faces lit a ghostly blue. The ergonomic chairs, halogen lights and brushed-metal walls suggest a dot-com startup; the palm scanners, security guards and crew cuts suggest a Pentagon war room.

It's a relatively quiet day for analyst Tim Hillyard, hunched over a pair of flat-screen displays in the back of the room. A book publisher's computer in Berkeley is checking 3,700 computers per minute in an attempt to spread the SQL Slammer computer virus. Eight hundred computers in South Korea are spreading a different bug that exploits a hole in RealPlayer media software. A hacker in Belarus probes a bank's Web server, searching for a way in.

From this vantage point, Hillyard saw SQL Slammer rampage across the Internet last February, knocking out police and fire dispatch centers and sidelining freight trains. He saw another virus, MSBlaster, gum up corporate networks and force Web sites offline last August. And like many security experts, he's seen an ominous trend emerge over the past year: While earlier bugs like Melissa and ILoveYou were written by lone operators looking to spread a sort of online graffiti, many newer viruses appear to be the handiwork of sophisticated teams of malicious hackers looking for profits rather than peer approval.

Junk e-mailers now route their get-rich-quick schemes through home computers in an attempt to stay one step ahead of filters and blacklists that block spam. Organized crime groups in Eastern Europe track unsuspecting users' keystrokes to lift passwords, credit-card numbers and other sensitive personal data.

Law-enforcement agents, anti-spam activists and online vendors all say they have noticed cybercrime's shifting face, and are scrambling to contain it before the damage escalates.

"It's not juveniles developing random viruses; it's targeted computer intrusions and exploits that are designed to advance the spam, or use the spam as a front end of a lot of schemes," says Dan Larkin, head of the FBI's Internet Fraud and Complaint Center.

None of these particular attacks pose a real danger to Symantec's corporate customers, which pay good money to keep such threats at bay. But the millions of home and small-business broadband users who are constantly connected to the Internet are a different story: Many of them don't use antivirus and firewall software and lack the technical know-how to keep their machines clean, Hillyard says.

"I won't bother to call them because they probably wouldn't fix it or know how to fix it," he says of the Berkeley publisher. "If it was Ford Motor Company, I would call them and they would fix it."

These always-connected, poorly defended computers constitute a sort of soft white underbelly of the Internet, experts say, allowing parasitic scam artists to burrow into their unsuspecting hosts.

Spammers for years have routed herbal Viagra pitches and other snake-oil offers through misconfigured computers, often crossing national borders to avoid prosecution. Anti-spam activists have compiled blacklists of these conduits, enabling Internet service providers like America Online to refuse their mail and allowing consumer-protection officials to shut off these spam-friendly computers as well.

Spammers have responded by setting up a new network of hosts on home users' computers, analysts say.

"We're seeing spam be an end product of the exploitation of personal computers," said Brian Huseman, an attorney with the Federal Trade Commission who focuses on spam.

A version of the SoBig virus that circulated in August and September turned infected computers into spam conduits, allowing spammers to sidestep blacklists and widen their distribution networks exponentially. Spammers' networks have now expanded from a few hundred thousand computers to several million, according to congressional testimony provided by Cable & Wireless chief security officer William Hancock.

The end result: Computer users are getting more junk mail than ever -- and their own machines may be sending it to them.

But as annoying as an inbox full of body-enhancement offers may be, computer viruses are enabling more than just spam. Identity thieves and other scam artists are relying on viruses to extend their networks as well.

Some 30 miles away from Symantec's network operations center are the offices of VeriSign, a company that handles payments for online vendors. According to vice president Ken Silva, out of the 1 million transactions VeriSign sees daily, typically more than 6 percent are fraud attempts. And nearly half of those can be traced to computers that have been infected with a virus of some sort.

Viruses such as the versatile SoBig can create a "back door" that gives the virus sender access to sensitive personal information on the infected computer. Identity thieves have been known to install a piece of software that keeps track of every keystroke typed by the computer user, periodically transmitting passwords, bank account numbers or other data back to the virus's author. Several versions of SoBig appeared over the course of the year, each improving on the last.

The sophistication of the virus leads some analysts to believe that organized crime groups in Eastern Europe may be behind the attacks.

"There's never been anything like SoBig," says Ken Dunham, director of malicious code at iDefense, a Virginia security firm. "It wasn't just one virus or a couple of viruses done for fun. It's been carefully orchestrated for identity theft."

Because SoBig has spread so widely, criminals can pilfer small amounts from users and still rack up a tidy profit, Dunham says.

Spammers are also using a new technique called "phishing" to trick consumers into giving them their credit-card numbers. Slick, graphics-intensive messages spoof legitimate messages from high-profile companies like eBay and Citibank, pointing to official-looking Web sites that ask for financial accounts and other personal information.

The defense against such attacks is simple, experts say. Home users should buy a firewall and antivirus software. Businesses should go to greater lengths to keep their system software and cyberdefenses up to date. A good dollop of healthy paranoia can't hurt, either.

Symantec's Hillyard says he uses a personal firewall and antivirus software for each computer at home, and runs an intrusion-detection system as well. "If you're online for more than 10 minutes, you're going to get attacked," he says.