[ISN] Bad O-S design blamed for rise in bots

InfoSec News isn at c4i.org
Wed Feb 16 10:06:54 EST 2005


By Sam Varghese
February 15, 2005

Computer users are today forced to wear the side effects of operating
systems which had been designed with functionality and not security in
mind, a senior executive of a major anti-virus company says.

Allan Bell, the marketing director for McAfee Asia Pacific, made the
comment in connection with today's release of a pan-European study
into crime and the internet, titled the Virtual Criminology Report.

The study was commissioned by McAfee and conducted by security expert
and computer criminologist Dr Peter Troxler, a researcher at ETH
Zurich, the Swiss Federal Institute of Technology, with input from
hi-tech crime units in Britain, France, Germany, the Netherlands,
Spain and Italy.

Bell said the study was born out of the success of an earlier white
paper, also on cyber crime in Europe. The paper was mostly done
in-house and after a largely positive response, McAfee decided to
undertake this broader study.

The activity documented by Dr Troxler includes extortion and
protection rackets, fraud and theft on a pan-European and global
scale, as well as new net-only scams.

Referring to specifics, Bell said one example of functionality
providing a way into a user's computer was the auto-execution of
attachments in Outlook Express. "Someone may receive a music file and
this email client is set to play it as soon as the email is opened; a
malicious attacker can send a music file and also attach code that
executes in the background while the music is playing," he said. "It's
nice for the user but it has a big downside."

The study says cyber crime has evolved from the stage where lone
individuals were staging exploits to prove something to their peers,
to one where an organised 'cyber mafia' was mobilising thousands of
zombies to commit crime on a global scale.

It said in Russia, the Ministry of Internal Affairs counted 7053
cybercrime cases in 2003, almost double that in 2002 (3782); last
year, that number was 4995 in the first half of the year.

The study illustrates the extent to which cyber crime is now a silent
affair - the machines which are used are owned by people who do not
know they are part of a vast bot network. Bell said that the way
things were done, it was extremely difficult to track the IP of the
actual criminal with the degree of certainty required to bring about a

The rate of growth of worms and malware was also increasing, with the
study pointing out that while signature files for 300 new malicious
threats were being put out per month some time back, today this figure
had tripled to about 900 to 1000 per month, with the increase largely
being in the number of bots.

The study said that an estimated 70 percent of malicious code was
written purely for profit. Further, organised gangs were recruiting
lower-level attackers, the so-called script kiddies, and paying them
to create malicious code for phishing, credit card and extortion

It quoted a spokesperson from Britain's National Hi-Tech Crime Unit
(NHTCU) as saying: "We have seen intelligence to suggest that European
organised crime is hiring hackers to carry out computer attacks."
Gangs in Sweden, Latvia, and Russia were found to be targeting businesses
worldwide with British bookmakers and businesses in Australia and
Japan affected.

The study cited the case of Peter White a.k.a. 'iss' who offered the
use of a bot in protection rackets for $US28,000 per month. Dr
Troxler's investigation found that the going rate was as little as
£100 an hour for use of these bots.

Dr Troxler also discovered evidence in Britain, the Netherlands,
France and Italy of organised criminals exploiting script kiddies and
hackers to do their bidding. In Germany, an organised network called
Liquid FX had exploited the skills of young hackers to find vulnerable
networks. The report found that more hardened criminals were hiding
behind script kiddies to reduce their own exposure to risk, just as a
drug runner would hide behind a teenaged dealer.

Dr Troxler predicted that corporate espionage using bot-nets was one
area that would see an increase in the next 12 months and cited the
case of Jay Echouafi in Massachusetts who hired three script kiddies
called Emp, Rain and sorCe to launch an attack on the websites of
three competitors. They used a bot to launch the attack.

Bell said the sole purpose of the study was to educate people and not
to spread panic.
