Cyber crime booms in 2004

By Mark Ward

The last 12 months have seen a dramatic growth in almost every security threat that plague Windows PCs.

The count of known viruses broke the 100,000 barrier and the number of new viruses grew by more than 50%. Similarly phishing attempts, in which conmen try to trick people into handing over confidential data, are recording growth rates of more than 30% and attacks are becoming increasingly sophisticated.

Also on the increase are the number of networks of remotely controlled computers, called bot nets, used by malicious hackers and conmen to carry out many different cyber crimes.

Teenage kicks

One of the biggest changes of 2004 was the waning influence of the boy hackers keen to make a name by writing a fast-spreading virus, said Kevin Hogan, senior manager in Symantec's security response group.

TOP VIRUSES OF 2004
1) Netsky-P
2) Zafi-B
3) Sasser
4) Netsky-B
5) Netsky-D
6) Netsky-Z
7) MyDoom-A
8) Sober-I
9) Netsky-C
10) Bagle-AA

Although teenage virus writers will still play around with malicious code, said Mr Hogan, 2004 saw a significant rise in criminal use of malicious programs. The financial incentives were driving criminal use of technology, he said.

His comment was echoed by Graham Cluley, senior technology consultant from anti-virus firm Sophos. Mr Cluley said: "When the commercial world gets involved, things really get nasty. Virus writers and hackers will be looking to make a tidy sum."

In particular, phishing attacks, which typically use fake versions of bank websites to grab login details of customers, boomed during 2004.

Web portal Lycos Europe reported a 500% increase in the number of phishing e-mail messages it was catching.

The Anti-Phishing Working group reported that the number of phishing attacks against new targets was growing at a rate of 30% or more per month.

Those who fall victim to these attacks can find that their bank account has been cleaned out or that their good name has been ruined by someone stealing their identity.

This change in the ranks of virus writers could mean the end of the mass-mailing virus which attempts to spread by tricking people into opening infected attachments on e-mail messages.

"They are not an efficient way of spreading viruses," said Mr Hogan.

"They are very noisy and they are not technically challenging."

The opening months of 2004 did see the appearance of the Netsky, Bagle and MyDoom mass mailers, but since then more surreptitious viruses, or worms, have dominated.

Remote control

Mr Hogan said worm writers were more interested in recruiting PCs to take part in "bot nets" that can be used to send out spam or to mount attacks on websites.

In September Symantec released statistics which showed that the numbers of active "bot computers" rose from 2,000 to 30,000 per day.

Thanks to these "bot nets", spam continued to be a problem in 2004. Anti-spam firms report that, in many cases, legitimate e-mail has shrunk to less than 30% of messages.

Part of the reason that these "bot nets" have become so prevalent, he said, was due to a big change in the way that many viruses were created.

In the past many viruses, such as Netsky, have been the work of an individual or group.

By contrast, said Mr Hogan, the code for viruses such as Gaobot, Spybot and Randex were commonly held and many groups work on them to produce new variants at the same time.

The result is that now there are more than 3,000 variations of the Spybot worm.

"That's unprecedented," said Mr Hogan. "What makes it difficult is that they are all co-existing with each other and do not exist in an easy to understand chronology."

Moving target

The emergence of the first proper virus for mobile phones was also seen in 2004.

In the past, threats to smart phones have been largely theoretical because the viruses created to cripple phones existed only in the laboratory rather than the wild.

In June, the Cabir virus was discovered that can hop from phone to phone using Bluetooth short-range radio technology.

Also released this year was the Mosquito game for Symbian phones which surreptitiously sends messages to premium rate numbers, and in November the Skulls Trojan came to light which can cripple phones.

On the positive side, Finnish security firm F-Secure said that 2004 was the best-ever year for the capture, arrest and sentencing of virus writers and criminally-minded hackers.

In total, eight virus writers were arrested and some members of the so-called 29A virus writing group were sentenced.

One high-profile arrest was that of German teenager Sven Jaschen who confessed to be behind the Netsky and Sasser virus families.

Also shut down were the Carderplanet and Shadowcrew websites that were used to trade stolen credit card numbers.