Convergence Quagmire: Viruses with Spam
Aug 18, 2004 10:52 AM PT
Viruses and spam -- and the techniques used to create, disguise and distribute both -- are converging into a single threat in which the two computer disruptions depend on one another in a sort of symbiotic manner, according to security experts.
Security firm MessageLabs highlighted the convergence in its monthly intelligence report released this week, indicating that the new end goal of viruses such as Bugbear, SoBig and MyDoom is to use spamming techniques to spread for profit.
"As testament to the prevalence of convergence, around 70 percent of the spam MessageLabs intercepts on a daily basis has been sent via machines compromised by viruses," said the July Intelligence Report.
"In 2004, almost all viruses have lent themselves to spam distribution or have been used to compromise machines used for spamming," MessageLabs information security analyst Natasha Staley told TechNewsWorld.
MessageLabs said that while the motivations of virus writers and spammers have historically been very different, the two have come together with one purpose: profit.
"Virus writers and spammers are combining their skill sets to produce a more sophisticated breed of e-mail security threat, one in which the lines between viruses and spam have become increasingly blurred," said the report.
Staley said the best defense against the trend, which has resulted in both more viruses and more spam, is to treat the threats as one.
"People need to stop thinking of viruses and spam as two separate issues," Staley said. "It's actually a pretty incestuous relationship and it's really hard to separate the two anymore."
Money as Motive
MessageLabs indicated that the motivation for writing and releasing viruses has changed from "approval and notoriety from cronies" to a combined material motive, thanks largely to spam.
"Evidence from the virus and spam 'underground' communities suggests that it is no longer desirable to just write and disseminate viruses," said the report. "What is 'cool' is to join forces with the spammers and prove that you're capable of making money out of malicious code."
Staley also referred to armies of compromised or "zombie" machines that -- after being gathered in a virus outbreak -- can be rented for spamming or other purposes for about US$10 an hour.
Ken Dunham, iDefense director of malicious code intelligence, said the virus and spam convergence is simply a progression of criminal activity on the Internet.
"I believe it's a natural convergence of two technologies and exploits [that are] on the criminal market," Dunham told TechNewsWorld. "Convergence is really the trend of the year. [Viruses and spam] is one of the convergence models we've seen."
Dunham said other factors, such as the increased reliance on network protocols and network shares, also have facilitated other convergences, including the use of platforms other than e-mail to spread malicious code.
Ease of Attack
Dunham said the other trend that has accompanied the convergence of viruses and spam is the increased availability of malicious source code, tutorials and other tools for attack, spamming or both.
"If it was really hard, you wouldn't see a lot of people doing it," Dunham said. "It's fairly simple to perform these on a low level."
Dunham, who said virus fighters are now often unsure whether an outbreak is being caused by viral spread or whether it is a case of spam-like virus "seeding," added that spamming techniques also can help virus writers cloak their identity and the origin of an outbreak.