Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.
This week David Emm, senior technology consultant at Kaspersky Lab UK, warns of the increasing threat from virus writers seeking to make mony from their creations.
In the 'good old days' most viruses fell into the category of cyber-vandalism, written by inexperienced programmers as a form of anti-social self-expression. Much of the code they produced was of poor quality, although there were, of course, notable exceptions.
Things have changed, sadly for the worse. The connectivity offered by the internet has provided fertile ground for would-be virus authors, allowing them to share ideas and code with more experienced virus writers. At the same time, the web has become the life-blood of commerce, with growing numbers of enterprises reliant on it for doing business.
As these two developments juxtapose, the last year has seen the computer underground realising the potential for making money from their virus creations in a wired world.
Many of today's most successful threats are a composite 'bundle' of malicious code, and increasingly this bundle includes a Trojan. Successive variants of Bagle, Netsky and MyDoom, for example, have installed Trojans on infected machines. The aim is to gain total control over the victim's computer so that it can be used for malicious activities.
Victim machines are frequently combined into networks, often using IRC channels or websites where the author has placed additional functionality. The more complex Trojans, like many of the Agobot variants, combine infected machines into a single P2P network. Such 'bot' networks offer an effective way of controlling machines: to collect personal data (passwords, Pins etc) for spam distribution, or to launch distributed denial of service attacks.
There has been a significant increase in the numbers of backdoor Trojans during the past year, designed to steal confidential financial data. Dozens of new variants appear every week, often different in form and function. Some are simple keystroke loggers that use email to send the captured information to the author or controller of the Trojan. The more elaborate provide complete control over victim machines, sending whole data streams to remote servers and receiving further commands from these servers.
In addition, a clear link has emerged between malicious code and spam distribution. The appearance of the Mitgleider Trojan early in 2004 established the Trojan Proxy as a separate category of malware closely related to spam distribution.
Mitgleider used one of two Internet Explorer vulnerabilities to install and launch a proxy server on victim machines, without the users' knowledge. The Trojan then opened a port, allowing it to send and receive email and turn the machines into an army of spam-spewing zombies.
Droppers, another category of Trojan, are designed specifically to install other malicious programs on a machine. Like a form of malware archive, they may carry several completely unrelated pieces of malware, different in behaviour and even written by different coders.
Downloaders offer a variation on the same theme. As the name suggests, their purpose is to pull down malicious code from a remote site. This may be a new piece of malware or successive versions of an existing Trojan, extending the usefulness of the victim machine for the author or controller.
And it's not just Trojan code that gets installed. Droppers and downloaders are also used to install other unwanted, non-viral programs without the user's knowledge or consent. This includes adware programs that show advertisements independently of user activity, or diallers that connect to pornographic pay-to-view sites automatically.
Once the number of machines infected reaches critical mass, the incumbent Trojans can be instructed to flood a particular website with traffic. There have been a number of reported cases of DDoS linked to extortion where a small-scale DDoS attack is used to demonstrate a wider capability: 'Pay-up or we'll take down your site with a full DDoS attack'.
The use of Trojan programs to steal passwords, to access confidential data, to launch DDoS attacks and to distribute spam email highlights a key change in the nature of the threat landscape: its increasing commercialisation.
And it's clear that this trend will continue as long as it proves successful for the writers of malicious code and those who pay them to create code that can be used to make money illegally.
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way
The most luminous galaxy ever discovered is cannibalising at least three of its smaller neighbours, study finds
The galaxy radiates at 350 trillion times the luminosity of the Sun