Profile of a Virus Writer: Pride to Profit

It used to be that the Hollywood portrayal of a computer virus writer — the teenage, late night pizza-eating, underachieving genius who gets a kick out of taking down the White House Web site — was fairly accurate. But today’s malicious code creator has a variety of ways to disrupt and trespass onto consumer and corporate PCs and networks: information-stealing trojans, spyware, spamming and phishing, and more.

The motivation for hacking has also evolved along with increased commerce and reliance on the Internet, with profit now possible in the sale of stolen data, denial of service (DOS) extortion schemes and the use of compromised computers, or bots, to form mercenary networks for sale, rental and attack.

“It’s just much closer to what a little economy looks like, with different markets,” Webroot Vice President of threat research Richard Stiennon told TechNewsWorld.

Malware Makers Evolve

In the last two years, security experts have warned that virus writers and releasers are less interested in establishing reputations and more interested in using malicious code attacks to exploit the growing amount of personal information and other data assets available through the Internet.

Ken Dunham, senior engineer for iDefense Verisign, said there has also been an increase in the criminalization of creating malicious code, referring to bounties and law enforcement efforts.

“It’s a multi-billion dollar interruption to businesses,” he told TechNewsWorld regarding malware attacks. “Today, there is more of a focus on it, and if they play the pride game, there’s a lot more risk.”

Going Rates for Bad Code

So why would an intelligent, talented technology enthusiast turn to the dark side? For the money, according to Dunham. Ego has little to do with it anymore.

“Those kinds of motivations are going away,” he said. “It’s now related to criminal profit every time. It is driving a large majority of activity, especially large scale and sophisticated attacks.”

The security expert reported that while prices range based on the sophistication of the attack, the total amount of money derived from malware schemes and scams is millions, maybe billions, of dollars. Dunham said bots, which are computers that may be quietly overtaken by attackers, leaving their actual owners unaware, sell for about US$100 and up.

“That’s not a lot in American money, but it is a lot overseas,” Dunham said, pointing out a motive that is even greater in other regions and nations.

Malicious software may also be created on the spot for targeted attacks or other purposes for several hundred to several thousand dollars, according to Dunham.

He said high-profile Web sites may be knocked offline for as much as $10,000, while smaller sites would cost closer to $1,000. Such dedicated DOS activity is used by extortion rings, which have been known to demand $50,000 to $100,000 to avoid a site takedown and can cost even more in lost productivity or sales.

“Usually, they do it — take a site down — then ask for the money and threaten to do it again,” Dunham said. “If you pay up, you’re a soft target, and they’ll come back for more.”

Web Gangs Work Together

While computer security experts do see involvement by traditional organized crime rackets in cybercrime and malicious code, Dunham said the last 18 months have marked the emergence of geographically dispersed “Web gangs,” which may dabble in spyware, trojans, viruses, phishing and more.

“They have ringleaders and they run global operations to find innocent 9-year-olds to push money over to their accounts,” he said. “Most people have no idea the complexity of these things, such as the re-shipment of IDs and the way they barter. There’s just a wide variety of these things that people don’t know about.”

Dunham also said attackers are working harder than ever to undermine security and engineer their attacks for success, a pattern that has appeared among bot authors and is now spreading to other malware communities.

“A similar affiliation has since emerged, primarily because of this profit motive,” he said.

Getting Worse, Going Legit

Webroot’s Stiennon indicated that today’s profit-motivated malware creators are using the same techniques as yesterday’s reputation-seeking virus writers — however, today’s attacks are more focused.

Reporting a recent, rapid evolution of spyware, Stiennon said that such threats are reaching a saturation point and pushing competition and more crime.

“It is tapping out, so the guys who have made hundreds to thousands are changing to identity theft and extortion,” he said.

The analyst said that, despite the expertise among the young males who make up the majority of malware authors, those who break the law will likely be locked out of legitimate security or other software work. There are, however, some software researchers who work with some of the same code, but never release it in the wild, and do not break the law, according to the analyst.

“There’s a huge pool of extremely talented young men who play with code, do reverse engineering, and are as knowledgeable as virus writers, but they’re not virus writers,” Stiennon said. “In the U.S., once a criminal, always a criminal,” he added. “They still suffer the consequences, and justifiably so.”
