Computer Virus Writers Plan Slow Spread

Most virus writers are no longer seeking widespread fame but money, and they maintain anonymity while obtaining it via botnets, says security vendor.

In the past, virus writers seeking fame and attention wrote their malicious programs to spread as quickly and broadly as possible, boasting to colleagues when they managed to cripple hundreds of thousands of computers worldwide in a matter of hours.

But now, many writers are driven by money instead. They write code to turn the computers of unsuspecting individuals into "botnets" -- networks for spreading junk e-mail or stealing financial data from others.

Security experts find that some are even taking measures to make sure their programs don't spread too quickly or too broadly, lest they get detected and blocked.

"If they are able to stay active longer, they make more money," said Alfred Huger, senior director of engineering with the security response team at Symantec Corp., a software vendor that issued its twice-annual state-of-security report Monday.

Not too long ago, he said, a single person took control of as many as 400,000 computers at once with the help of malicious programs. Today, the average is less than 1,000, making such networks more difficult to track and shut down.

Huger said spammers have been compiling e-mail lists specific to geographic areas, by targeting a single Internet service provider that serves a particular region or by combing mailing lists devoted to a city's happenings. Messages sent to those lists can be used for scams or the spread of malicious programs, such as those for stealing data.

Virus writers have also judiciously used Web sites with software vulnerabilities allowing for the spread of malicious code, Huger said. They will remove the malicious programs once enough users are infected and restore the malware later, he said.

"They are very careful about the spread," he said.

Many of the newer viruses spread primarily through social engineering -- tricking a user into opening an e-mail attachment by making a message appear legitimate.

Although virus writers have long used that technique, many had been trying to overcome the delays inherent in the need for user intervention by taking advantage of system flaws to spread their programs automatically.

Network worms such as 2004's "Sasser" exploited flaws in Windows, automatically scanning the Internet for computers with the vulnerability and sending copies of themselves there. But the rapid spread also triggered rapid-response alerts among security vendors and prompted network operators to prioritize applying fixes to the Windows flaws.

High-profile threats, often more an annoyance than an effort to set up armies of rogue computers, are typically contained within a day or two.

By contrast, botnet computers can stay active for months.
