January Busy Month for Malware Authors

After a slight hiatus during the holidays, malware writers returned with vigor to their malicious ways in January, creating thousands of new software nasties.

According to Sophos, an international malware-fighting firm with offices in Lynnfield, Mass., 2,312 pernicious programs were introduced last month. Anti-virus software maker McAfee pegs January’s malware debuts even higher at 6,112.

While the number of new viruses, worms and Trojans can vary from month to month, year-to-year growth of the noxious applications is increasing exponentially, according to Sophos Senior Security Analyst Ron O’Brien.

Spike Drivers

He reasoned that the surge in new malware activity in January may be, in part, related to people taking year-end vacations. “You’ve got a fairly large population not accessing e-mail,” he told TechNewsWorld. “Then they catch up on their e-mail when they come back from vacation so the month of January shows a spike.”

According to the numbers from McAfee, the spike of new malware in November 2005 — tagged at 7,406 — was even higher than last month’s eruption.

Jimmy Kuo, a senior fellow with McAfee AVERT, noted that bad-app traffic can be seasonal. “Oftentimes these things have an association with the school calendar,” he told TechNewsWorld. “In November, the colleges are in session and in December, they’re not.”

Change in M.O.

Up until two years ago, he noted, the malware scene had been relatively stable. “In the last two years, the amount of malware has dramatically increased due to the amount of it written to commandeer machines,” he said.

Although the number of malevolent applications has increased, he observed, the number of viral outbreaks has decreased, primarily due to a change in the modus operandi of malware authors.

“Instead of going after a large number of machines all at once, these bad guys are going after small sets,” Kuo explained. “Once they’ve compromised the targeted number in the set, then they essentially retire that piece of malware and write a new piece for their next set.”

Criminal Playground

Mischief makers seem to have honed their counterfeiting skills in recent times to enhance the effectiveness of their ploys, added O’Brien, of Sophos.

“Persons developing malware are using very good renderings of logos and such in order to suggest to a recipient that the mail is coming from a bona fide source,” he said. “That requires a level of sophistication that we’re not accustomed to seeing.

“To say that this whole issue is becoming more complex would be an understatement,” he opined.

“It has reached a point where if you are on a business computer, there is no reason to be opening an unsolicited e-mail attachment, exchanging joke files, exchanging jpegs — that has all become the playground of a criminal element,” he added.

Increase in Crimeware

“We’re seeing continued increases quarter to quarter in terms of the amount of malicious code out there,” Dave Cole, Director of Security Response for Symantec, told TechNewsWorld.

“A lot of it is being driven by crimeware — things that are stealing people’s identities, stealing their data or relaying spam or phishing messages,” he said.

“There are still things like the Kama Sutra worm out there,” he added, “but the vast majority of what we see are these threats that are a lot more silent, that aren’t nearly as noisy; that aren’t intent on destroying data, but on stealing it.”

Although malware like the Kama Sutra worm, or CME-24, may grab headlines, it’s the malware designed to grab cash that concerns security pros.

“What we’re seeing is the true professional criminal culture taking form on the ‘Net,” Kelly Mackin, Product Manager, Research, for Computer Associates told TechNewsWorld. “Buying compromised PCs is like ordering fast food. You pay a nickel per PC and you can do anything you want with it.”
