Security News > 2005 > February > Bad O-S design blamed for rise in bots
http://www.smh.com.au/news/Breaking/Bad-OS-design-blamed-for-rise-in-bots/2005/02/15/1108229972070.html By Sam Varghese February 15, 2005 Computer users are today forced to wear the side effects of operating systems which had been designed with functionality and not security in mind, a senior executive of a major anti-virus company says. Allan Bell, the marketing director for McAfee Asia Pacific, made the comment in connection with today's release of a pan-European study into crime and the internet, titled the Virtual Criminology Report. The study was commissioned by McAfee and conducted by security expert and computer criminologist Dr Peter Troxler, a researcher at ETH Zurich, the Swiss Federal Institute of Technology, with input from hi-tech crime units in Britain, France, Germany, the Netherlands, Spain and Italy. Bell said the study was borne out of the success of an earlier white paper, also on cyber crime in Europe. The paper was mostly done in-house and after a largely positive response, McAfee decided to undertake this broader study. The activity documented by Dr Troxler includes extortion and protection rackets, fraud and theft on a pan-European and global scale, as well as new net-only scams. Referring to specifics, Bell said one example of functionality providing a way into a user's computer was the auto-execution of attachments in Outlook Express. "Someone may receive a music file and this email client is set to play it as soon as the email is opened; a malicious attacker can send a music file and also attach code that executes in the background while the music is playing," he said. "It's nice for the user but it has a big downside." The study says cyber crime had evolved from the stage where lone individuals were staging exploits to prove something to their peers, to one where an organised 'cyber mafia' was mobilising thousands of zombies to commit crime on a global scale. It said in Russia, the Ministry of Internal Affairs counted 7053 cybercrime cases in 2003, almost double that in 2002 (3782); last year, that number was 4995 in the first half of the year. The study illustrates the extent to which cyber crime is now a silent affair - the machines which are used are owned by people who do not know they are part of a vast bot network. Bell said that the way things were done, it was extremely difficult to track the IP of the actual criminal with the degree of certainty required to bring about a conviction. The rate of growth of worms and malware was also increasing, with the study pointing out that while signature files for 300 new malicious threats was being put out per month some time back, today this figure had tripled to about 900 to 1000 per month, with the increase largely being in the number of bots. The study said that an estimated 70 percent of malicious code was written purely for profit. Further, organised gangs were recruiting lower-level attackers, the so-called script kiddies, and paying them to create malicious code for phishing, credit card and extortion scams. It quoted a spokesperson from Britain's National Hi-Tech Crime Unit (NHTCU) as saying: "We have seen intelligence to suggest that European organised crime is hiring hackers to carry out computer attacks." Gangs in Sweden, Latvia, and Russia were found to targeting business worldwide with British bookmakers and businesses in Australia and Japan affected. The study cited the case of Peter White a.k.a. 'iss' who offered the use of a bot in protection rackets for $US28,000 per month. Dr Troxler's investigation found that the going rate was as little as £100 an hour for use of these bots. Dr Troxler also discovered evidence in Britain, the Netherlands, France and Italy of organised criminals exploiting script kiddies and hackers to do their bidding. In Germany, an organised network called Liquid FX had exploited the skills of young hackers to find vulnerable networks. The report found that more hardened criminals were hiding behind script kiddies to reduce their own exposure to risk, just as a drug runner would hide behind a teenaged dealer. Dr Troxler predicted that corporate espionage using bot-nets was one area that would see an increase in the next 12 months and cited the case of Jay Echouafi in Massachusetts who hired three script kiddies called Emp, Rain and sorCe to launch an attack on the websites of three competitors. They used a bot to launch the attack. Bell said the sole purpose of the study was to educate people and not to spread panic. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005