Converged security threats mean business

Professional programmers writing viruses

Gone are the days of amateur, single-source security threats as big business takes over creating an Internet filled with converged attacks.

University of Auckland computer security researcher Peter Gutmann gave a dim overview of the types of sophisticated software now used to take over computers to conduct cybercrime.

"There isn't really any single threat anymore," Gutmann said, adding as an example that spam is being used for identity theft.

"We've seen over the last 20 years a convergence of network technologies into this one big cloud called the Internet [and] the convergence of viruses and trojans into this one blended threat."

Speaking at this year's Australian Unix Users Group (AUUG) conference in Melbourne, Gutmann said spam and malicious code is becoming more sophisticated, because the businesses proliferating such threats are hiring professionals - from programmers to psychologists.

"Current viruses are written by paid professional programmers and they do serious amounts of testing on different environments," he said. "They're not just written by script kiddies. Some use digitally signed, encrypted updates that are equivalent to the Windows update."

Spam "vendors" are using PhDs in linguistics to bypass filters, and phishers use psychology graduates to craft their scams.

There is also some spamware that includes the open source Spamassassin anti-spam tool in its code to see if it will get through.

Gutmann said the spam business involves selling CDs with e-mail addresses at a price dependent on the quality of addresses.

"You go via a spam broker and use money to buy credits to send out spam messages," he said. "You can also buy 'botnets' and a machine can spam for 30 seconds then transfer to another bot which will spam for another 30 seconds, so it's virtually impossible to track them down."

Gutmann said most spam services are hosted in China where the ISPs don't care about it and bandwidth is cheap.

"Botnets are infinite resources of power and bandwidth," he said, adding many botnets are IRC-based which are not very resilient. However, the emergence of P2P botnets have made them more resilient and completely decentralized them.

"Freely available robots, like Agobot, can do all types of nasties, from harvesting e-mail addresses to packet sniffing and rootkit functionality.

"Ironically, botnets are full of 'good guys' PCs being taken over to send spam from DSL and cable Internet connections.

"With delivery mechanisms in place, malicious code has the ability to take control and manipulate the operating system down to the kernel level.

"Viruses can act as special-purpose spam relays, disable anti-virus software or modify anti-virus database files, and one even uses multiple levels of encryption.

"They're extraordinarily difficult to detect and specifically coded to stop anti-virus software from detecting it," Gutmann said.

Since a lot of software has user interface options to turn off security features, viruses can also be programmed to do this. Other common problems include installing rogue root certificates and patching the Windows kernel so that "everyone is running as root".

Gutmann cited BroadcastPC as an extreme example of malware which installs 65MB of .Net framework on the computer without the user being made aware of it.

Regarding phishing, Gutmann said like spam and viruses, it is being orchestrated by professionally run organizations.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ACTAUUGGood GuysVIA

Show Comments