Creators of malware - worms, trojan horses, spyware, adware - are teaming up in the underground to propagate Internet threats at an even faster rate, according to a Canadian researcher.
"What we're seeing is a concerted effort to share techniques," says Brian Grayek, vice-president of threat research at CA Inc. Headquartered in Islandia, NY, CA is a provider of information technology (IT) management software.
Barely a year ago, if a malware technique was proven successful, it might still have been weeks or even months before another attacker adopted that approach, says Grayek.
"Now, when we observe a new occurrence, we see it happen suddenly all over the world. That was not the case three months ago, or even last year."
Authors of malware are sharing their methods, and using common systems and engines to transmit these various forms of hostile, intrusive and annoying software or program code, he says.
They communicate their malware strategies in three main ways, says Grayek.
First, malware authors converse on Internet relay chat (IRC) - a synchronous conferencing channel for group communication - where they share techniques and plans of attack.
Second, some are brazen enough to flaunt their conquests, strategies and techniques on personal Web sites. Grayek says this method is usually more common in countries where the IT security laws are relatively lax.
Third, malware creators locate one another through old-fashioned networking - in other words, one connection upon another is created until a large informal group can start congregating and sharing ideas.
"These groups have been built over the past year and a half, and now we're seeing the results of their efforts," says Grayek.
There's a financial incentive to get together and share techniques that work, he says, given the potentially large payouts to be made in the Internet attack business.
But besides sharing approaches so that malware attacks propagate faster, creators of harmful code are recycling elements of past successes and incorporating them in new, more robust and dynamic entities, he says.
For instance, the "hugely successful" approach employed by "stration", a family of computer worms that produce new variants in order to avoid detection by anti-virus applications, is now observed in phishing attacks, says Grayek. "If the image in the phishing message is slightly changed, it can keep anti-spam and anti-malware detectors from catching it."
"Internet threats surfacing today tend to stem from successful attacks we've seen from the past, rather than from new efforts or less successful threats," says James Quin, senior research analyst at Info-Tech Research Group in London, Ont.
"We're seeing an evolution of successful malware. All in all, that means the threat level is raised a little bit."
Despite this, Quin doesn't believe the current plan of attack to recycle successful malware code represents a significant problem to IT security. "The threats are those we already know about, and for which we have virus definitions, and are able to recognize."
The attackers' ability to inflict potential damage will be minimized because IT systems will be that much more in tune with catching these threats, he says.
Quin agrees financial incentives play a major role in Internet attacks nowadays, thereby shifting the underlying motivation. "Attack trends, in general, are moving towards ones that are financially motivated, than ego motivated."
"The 'talented' bad guys are diverting their efforts away from generic threats, such as writing viruses and worms, and putting their attention to targeted attacks that yield more monetary gain."