Virus writers turn from worms

Email worms are falling out of favour with the hacking community, according to a report investigating malicious internet activity.

Instead malware authors are increasingly subverting vulnerable instant messenger (IM) systems and using network viruses that do not require user interaction to spread. Other threats identified include botnets and increasingly intrusive adware.

The report, Malware Evolution. January-March 2005, from security firm Kaspersky Labs notes that viruses for IM systems started to appear late last year but are only now appearing in volume. Seven out of every eight IM worms attack Microsoft's MSN Messenger service.

"It's clear that classic email worms are on the decline, with network and instant messaging worms exploiting relatively lax security to take their place," said Alexander Gostev, senior virus analyst at Kaspersky Labs.

"Improved antivirus technologies, and increased user awareness of security issues are clearly forcing virus writers and hackers to use new approaches to access users' information and systems."

The study identifies 40 individual IM worms in the first quarter of the year, the majority written in one of the simplest computer languages, Visual Basic (VB). It noted that use of this language indicates the authors are relatively unsophisticated coders, since VB is not widely used by experts because it is so slow to run.

The report also highlights the danger from botnets - networks of PCs remotely controlled by hackers to send spam or take part in denial of service attacks. The report estimates 300,000 new PCs join botnets every month.

"Botnets are the greatest threat to the internet as we know it," warned Gostev.

"They stimulate the creation of new malicious programs as they require constant refreshment, both in terms of new malware and new zombie machines to extend the network."

He also warns that adware and malware are becoming increasingly similar and the line is blurring between what is legitimate advertising and intrusion. Existing adware blockers are failing at the moment and will become useless over time.

"The boundary between adware and other malware no longer really exists," Gostev noted.

"Adware, viruses and Trojans now exhibit many of the same characteristics, meaning that products designed only to protect against adware should be treated with a healthy degree of skepticism. With adware becoming increasingly inseparable from classic malware, dedicated anti-adware solutions will simply cease to provide adequate protection."