Computer Virus Writers Plan Slow Spread

Most virus writers no longer seek widespread fame but money, and they maintain anonymity while obtaining it via botnets, says security vendor.

In the past, virus writers seeking fame and attention wrote their malicious programs to spread as quickly and broadly as possible, boasting to colleagues when they managed to cripple hundreds of thousands of computers worldwide in a matter of hours.

But now, many writers are driven by money instead. They write code to turn the computers of unsuspecting individuals into "botnets" -- networks for spreading junk e-mail or stealing financial data from others.

Security experts find that some are even taking measures to make sure their programs don't spread too quickly or too broadly, lest they get detected and blocked.

"If they are able to stay active longer, they make more money," said Alfred Huger, senior director of engineering with the security response team at Symantec Corp., a software vendor that issued its twice-annual state-of-security report Monday.

Not too long ago, he said, a single person took control of as many as 400,000 computers at once with the help of malicious programs. Today, the average is less than 1,000, making such networks more difficult to track and shut down.

Huger said spammers have been compiling e-mail lists specific to geographic areas, by targeting a single Internet service provider that serves a particular region or by combing mailing lists devoted to a city's happenings. Messages sent to those lists can be used for scams or the spread of malicious programs, such as those for stealing data.

Virus writers have also judiciously used Web sites with software vulnerabilities allowing for the spread of malicious code, Huger said. They will remove the malicious programs once enough users are infected and restore the malware later, he said.

"They are very careful about the spread," he said.

Many of the newer viruses spread primarily through social engineering -- tricking a user into opening an e-mail attachment by making a message appear legitimate.

Although virus writers have long used that technique, many had been trying to overcome the delays inherent in the need for any user intervention by taking advantage of system flaws to spread their programs automatically.

Network worms such as 2004's "Sasser" exploited flaws in Windows, automatically scanning the Internet for computers with the vulnerability and sending copies of themselves there. But the rapid spread also triggered rapid-response alerts among security vendors and prompted network operators to prioritize applying fixes to the Windows flaws.

High-profile threats, often more an annoyance than an effort to set up armies of rogue computers, are typically contained within a day or two.

By contrast, botnet computers can stay active for months.

