Global malady: Virus writers worldwide team up

Malware writers cooperate to boost attacks

Security researchers have been touting the growing nature of professionalism among virus authors over the last several years, but new evidence points to increased cooperation between malware writers spread around the globe, according to some experts.

The practice of using widely distributed IP addresses to spread malware and spam, in order to avoid detection by security companies and law enforcement officials, is nothing new among electronic schemers.

However, there is reason to believe that cyber-criminals, specifically virus authors and botnet operators, may be teaming more frequently with people in other regions of the world to help facilitate their respective attacks, said Chris Boyd, the U.K.-based director of malware research at FaceTime Labs, a division of software maker FaceTime Communications.

Boyd -- who used his presentation at the RSA Conference 2007 in February to detail botnet activity, including a group based out of the Middle East known as the Q8Army that is suspected to back radical Islamist activity -- said that there is even mounting evidence that hackers in China are teaming with their Western counterparts to help boost the quality of their respective attacks.

Ties between groups of crimeware authors in the United States, South America, and Eastern Europe have been evident for some time, Boyd said, but an increasing number of attacks examined by the researcher bear clues that Chinese coders are looking outside their borders for expertise to help improve and spread their work.

"It was previously unthinkable that hackers in the West and China would be working together, but we're increasingly seeing interplay of code," Boyd said. "The new techniques we're seeing come out of China suggest that they are picking up tips from hackers in the West to help them fly under the radar, and we feel there will be more of this activity in the coming months."

Boyd said that like the Q8Army -- which allegedly used instant messaging attacks to plant spyware on people's computers and create a massive worldwide botnet system -- Chinese hackers have been known in the past for distributing somewhat crude programs that were relatively easy for security researchers to isolate.

But over the past several months, the expert said, he has seen far more advanced threats with far less obvious social engineering mistakes emanating from the world's most populous nation.

While the Chinese malware writers are turning to Westerners to learn the subtleties of tricking people outside their country into falling for their attacks, Westerners are likely asking their new partners to share their techniques for avoiding detection by researchers and law enforcement.

"[Virus writers] in America want to learn the finer arts of what not to do to get caught online, and the groups in China appear to be very advanced in that regard," said Boyd. "With the government atmosphere there, where you're likely to go to jail if you get caught committing a crime, they have to be very careful."

The range of attacks -- which Boyd said he has observed on underground security research forums that he declined to identify by name -- spans from less dangerous adware programs to extremely advanced rootkits, according to the expert with FaceTime.
