[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 15 November 2005, 09:50 GMT
Virus creators target their work
By Mark Ward
Technology Correspondent, BBC News website

Heavy plant equipment, AP
US firm Caterpillar was hit by the Zotob worm
Computer users could be forgiven for thinking that life online got safer in 2005 thanks to the lack of headline-hitting computer viruses.

Over the last 11 months the only viruses to get mainstream media coverage were the Mytob and Zotob worms.

What helped propel Zotob into the headlines was the fact that it managed to infect machines at several large media organisations including CNN and ABCNews and the Financial Times.

In 2004 Symantec recorded 35 of what it designates as Category Three and Four incidents, said Art Wong, head of the anti-virus firm's security response team. The higher the number, the more people infected by a particular bug.

By contrast, he said, 2005 has only seen five of these big hitting viruses.

Code change

The difference is due to a change in those who write viruses, said Mr Wong. Formerly the creators of malicious programs just wanted to spread fast to as many machines as possible.

"Now it's about financial gain not fun."

As a result the last thing a virus writer wants is for his creation to be noticed.

Backdoor - Agobot
Backdoor - Delf
Backdoor - Rbot
Backdoor - SdBot
Backdoor - VB
Trojan - Downloader
Trojan - Dropper
Trojan - PSW.Lmir
Trojan - Spy.Banker
Trojan - StartPage
Trojan - VB
Source: F-Secure
"Instead of huge pandemic worms being launched," he said, "the intent is to launch worms that infect machines without people knowing about them."

This also helps to explain the rise of spyware that attempts to hijack PCs and bombard people with unwanted adverts.

Instead virus writers have started pumping out many variants of their malicious creations in a bid to grab computers they can hijack or to steal

"We've seen a 100% increase in Category 1 and 2 viruses," said Mr Wong.

In total all the victims of all the variants of a virus may add up to as many as those infected by a single outbreak of older viruses, he explained.

But, he added, because there are small numbers of lots of viruses, few penetrate the mainstream media.

As a result, people feel safer even though just as many people are getting caught out. Without regular warnings, many people become complacent and forget basic safe computing.

Growth pattern

Security companies and researchers keep track of viruses by labelling them with letters in alphabetic order. After "z" comes "aa" then "ab" and so on.

Graham Cluley, Sophos
Cluley: Virus writers are customising their attacks
There are so many variants of some viruses that they have wrapped round the alphabet three times.

For instance, in late October Finnish security firm F-Secure found and named a "btu" variant of the generic Trojan-Downloader bug. This means that there are more than 2,000 variations of this malicious program.

According to F-Secure there are 11 generic virus families that have racked up a similar number of alternatives.

And the pace that variants appear shows no sign of slowing down. Security firm Sophos said that it saw 1,685 new virus variants in October 2005 - more than ever before.

Top of the virus charts is a variant of the Netsky.P virus which first appeared in March 2004.

Graham Cluley, senior technology consultant at Sophos, said virus writers were pumping out small numbers of lots of variants to help them handle the amount of data they are harvesting.

"What are you going to do with 200,000 passwords?" he asked. "They cannot handle that amount of data."

Far better for criminals, he said, to target small groups of users and harvest a manageable amount of data.

Sophos had seen customised attacks against employees of specific companies, customers of particular net service firms or simply the top few hundred names on a spam e-mail list.

"If you only send it to 200 people, it's more likely you will infect them for much longer," he said.

Boom times for hi-tech fraudsters
28 Sep 05 |  Technology
Fraudsters turn to online crime
08 Nov 05 |  Scotland
Net users told to get safe online
27 Oct 05 |  Technology
Spyware 'rampant' in UK computers
20 Oct 05 |  Technology
Money motive drove virus suspects
05 Sep 05 |  Technology
Sasser creator avoids jail term
08 Jul 05 |  Technology

The BBC is not responsible for the content of external internet sites


Americas Africa Europe Middle East South Asia Asia Pacific