'War of the Worms' Spurs Latest Cyber-Attack

Mikko Hypponen, chief research officer for online security firm F-Secure in Helsinki, Finland, said 12 Internet worms similar to Zotob have been spotted online since Sunday. Like the worm that began to affect several media outlets on Tuesday, each of these pieces of malicious software -- sometimes called "malware" by computer security experts -- exploits the same "plug and play" flaw in Windows software that Microsoft warned about earlier this month.

"We've found five new PnP [plug and play] malware just today," Hypponen said. "The main target of these worms is to spread, removing competing bots."

On his online blog, Hypponen noted there are apparently four main "families" of worms actively attacking each other. One group of worms, the "IRCbot" family, attempts to knock off the Zotobs, which try to kill off the "Bozori" class of worms, which in turn are after another type of worm called "Rbot" or "SDbot."

"It's unknown to us who is behind all of this," says Hypponen, echoing other computer security experts. "But it seems we have several separate groups competing with each other to build the biggest botnets. It's a global pissing contest."

Greedy Shift

But while Hypponen notes these worms do not contain any dangerous "payloads" -- say, deleting files or installing software spies that steal important digital info -- the end goal is the same: To leave infected computers vulnerable to further exploitation.

What's more, the nature of that use has been changing.

"It's a shift from the old days of thuggery to this new notion of organized crime on the Internet," said Curry of Computer Associates.

In the old days, hackers wanted to control computer armies to launch "denial of service attacks" that jammed computer networks, or to vandalize a network internally.

"It was a lot like getting mugged on the street or a lot like getting beaten up," Curry said.

But these days, such spiteful motives seem to be giving way to greed.

"Destroying the Internet is not really useful if the Internet is the means to your financial goals," said Art Manion, an Internet security analyst at U.S. CERT, a center at Carnegie Mellon University that advises the U.S. government on Internet threats.

Hidden Money Trails

Botnet operators now are more likely to use their computer armies to mine personal information and distribute blizzards of spam, experts said.

David Kennedy, a senior risk analyst for Cybertrust, a consultant on Internet security for businesses, said he's even heard of more elaborate schemes. He cites examples including Web sites hiring botnets to jack up the number of user hits on their sites in order to trick advertisers into overpaying.

Criminals can be compensated for such ventures via what Manion called an "underground economy" of payments.

"The most effective way [to profit from botnets] is to rent out these systems to send spam," Kennedy said.

He added that another common scheme is to use the computer zombies to send out fraudulent e-mails seemingly from reputable companies, drawing users into "phishing" schemes designed to get them to provide passwords, PIN numbers, credit card numbers, account numbers and other personal information.

When committing such fraud, the botnets allow criminals to route their e-mails through multiple computers.

"What they're doing is trying to make it as difficult as possible for the good guys to track down who's getting the money on them [the botnets]," Kennedy said.

Corporate Lockdown

  • 1
  • |
  • 2
  • |
  • 3
Join the Discussion
blog comments powered by Disqus
You Might Also Like...