Tuesday, February 08, 2005

Worms, Viruses, Spam and Fraud

The Washington Post has a scary article about the use of computer worms to further spam or scams. Link.
The worm that targeted Lee's site was the 44th version of Bagle unleashed in 2004, a year in which teams of virus writers forged new alliances with junk e-mail artists to convert millions of home PCs into remote-controlled "zombies" used to fuel spam and phishing attacks.

As a result of those alliances, junk e-mail and phishing attacks -- online scams that lure victims into giving up confidential information -- far outnumbered legitimate e-mail communications last year. Roughly three-quarters of all e-mail in 2004 was spam or fraud-related, according to Postini, a Redwood City, Calif.-based anti-spam firm. (...)

Symantec Corp., an Internet security firm based in Cupertino, Calif., intentionally infected some of its computers with the Bagle virus in order to monitor the worm's progress. In a 28-page report published in December, the company found that some of the PCs downloaded software that forced them to forward e-mails used in a pair of elaborate phishing scams targeting customers of SunTrust Banks.(...)

Alfred Huger, senior director of security response at Symantec, said most of the infected computers were seeded with additional software over a period of several weeks. "That kind of activity suggests that the people behind the Bagle worm are either running a vast criminal enterprise or they are loaning out their network" of infected PCs to other scam artists and spammers, Huger said.

It is common for attackers to sell or rent access to PCs they have compromised, according to Johannes Ullrich, chief technology officer for the SANS Internet Storm Center. In certain little-known underground chat rooms, a hacked computer in the United States can be rented for pennies per week.

However, hijacked PCs in some foreign countries often fetch a higher value because they are considered harder for authorities to shutter, Ullrich added. "We've seen the asking price go as high as $25 for a single compromised home system."

Because I like to be on the Internet, I have learned to be paranoid. Every new user should be. There are huge dangers out there in cyberspace, but eternal vigilance is likely to keep you safe. It is like apartment security in an urban area. You do not need a lock that no burglar can break, only one that would take longer to break than you neighbors' locks. You do not have to be a computer professional to take measures that exceed those of most new internet users.


Post a Comment

<< Home