Virus writers slow spread of their works to prevent detection
NEW YORK (AP) - In the past, virus writers seeking fame and attention wrote their
malicious programs to spread as quickly and broadly as possible,
boasting to colleagues when they managed to cripple hundreds of
thousands of computers worldwide in a matter of hours.
But now, many writers are driven by money instead. They write code to turn the
computers of unsuspecting individuals into "botnets" -- networks for
spreading junk e-mail or stealing financial data from others.
Security experts find that some are even taking measures to make sure their
programs don't spread too quickly or too broadly, lest they get
detected and blocked.
"If they are able to stay active longer, they make more money," said Alfred Huger, senior director of
engineering with the security response team at Symantec Corp., a
software vendor that issued its twice-annual state-of-security report
Monday.
Not too long ago, he said, a single person took control
of as many as 400,000 computers at once with the help of malicious
programs. Today, the average is less than 1,000, making such networks
more difficult to track and shut down.
Huger said spammers have been compiling e-mail lists specific to geographic areas, by targeting
a single Internet service provider that serves a particular region or
by combing mailing lists devoted to a city's happenings. Messages sent
to those lists can be used for scams or the spread of malicious
programs, such as those for stealing data.
Virus writers have also judiciously used Web sites with software vulnerabilities allowing
for the spread of malicious code, Huger said. They will remove the
malicious programs once enough users are infected and restore the
malware later, he said.
"They are very careful about the spread," he said.
Many of the newer viruses spread primarily through social engineering --
tricking a user into opening an e-mail attachment by making a message
appear legitimate.
Although virus writers have long used that technique, many had been trying to overcome delays inherent with the
need for any user intervention, taking advantage of system flaws to
automatically spread their programs.
Network worms such as 2004's "Sasser" exploited flaws in Microsoft Corp.'s Windows
operating system, automatically scanning the Internet for computers
with the vulnerability and sending copies of themselves there. But the
rapid spread also triggered rapid-response alerts among security
vendors and prompted network operators to prioritize applying fixes to
the Windows flaws.
High-profile threats, often more an annoyance than an effort to set up armies of rogue computers, are typically
contained within a day or two.
By contrast, botnet computers can stay active for months.
Sources include: MercuryNews, SiliconValley.com, AP Wire