Watch the money-go-round, watch the malware-go-round
Heather Goudey Computer Associates
While the lawless Wild West metaphor for the Internet has been used for some time, 2003 saw such disturbing growth in the
number of malware and malicious content that was created with the specific aim of illegally producing profit at the user's
expense, that this metaphor has never proved so illustrative.
The social engineering methods and tools used are becoming increasingly complex and sophisticated. These include an array
of evil bots, backdoors, Trojans, worm/Trojan-hybrids, diallers, semantic attacks, spyware, so-called adware and
'pusherware', and a large cast of phishers, frauders, identity thieves, spoofers, spammers and cognitive hackers. However,
what may be the most worrying about recent events is the increasing, although not conclusive, evidence indicating
professional and organised development and distribution.
This paper researches the current exploding trend towards profit-driven, mercenary malware and how this change in the
motivation of those producing malicious content is affecting the anti-virus industry and our users. It draws on field
research to present supporting statistical evidence. The paper reflects on the evolution and rapid development of this
type of content and similar devices used to perpetrate fraud and other forms of wide-scale computer crime, examining
possible future scenarios for the Internet and anti-virus should this trend continue unabated, and gives some
recommendations for dealing with these increasingly worrisome threats.
This month VB's test team put 26 products to the test on
Windows Server 2008. John Hawes has the full results.