The world of hacking was once just a nasty, geeky, online version of “American Idol” – young adults competing to gain recognition. But lately they’ve been trying to gain money, security professionals said.
“We’ve seen a definite trend toward monetary gain,” said Oliver Friedrichs, senior manager at Symantec Security Response.
From July through December, 54 percent of the top 50 malicious programs sought to steal confidential information, often financial data, up from 44 percent in the previous six months, security software company Symantec Corp. reported.
“This is easy white-collar crime,” said Steven Sundermeier, a vice president at security software company Central Command.
The semiautomatic weapon for online criminals: bots, short for robots, a combination of worms, which are self-propagating viruses, and Trojan horses, malicious software secretly installed on a PC.
Hackers covertly install bots on insecure computers and remotely control the PCs. Though bots aren’t new, they’re increasingly used for criminal purposes, experts said.
Criminals scour the infected PCs for credit card numbers and banking passwords and may steal a person’s identity. They can install adware – software that launches money-making ads – log keystrokes and turn on a PC’s video camera.
One bot Symantec found could receive commands from the hacker via e-mail. Numerous others hijack PCs and use them to send spam. Another bot uses a seized PC to send e-mails to lure people to a replica of a Web site under the hacker’s control, routing entered passwords and other sensitive information to the hacker.
Some hackers even sell bots that resist anti-virus protection for $20 to $1,000 to organized crime groups and other hackers, according to TruSecure, a security software company.
As anti-virus companies release vaccinations, hackers craftily tweak their techniques. Symantec found 6,000 new variants of the top three bots in the last half of 2004, nearly 11 times the number from the same period the previous year.
Hackers connect the bots into a network of up to hundreds of thousands of bots, which they can use to overwhelm Web sites with requests, making the sites inaccessible and demanding “protection money.”
“They basically say to the online gambling sites ‘If you don’t pay a certain amount of money we will send our bot army against you,’” said Johannes Ullrich, chief technology officer at the SANS Institute.
It’s difficult to trace the crimes to hackers because infected PCs in homes and workplaces do the dirty work, security specialists said.
“An 80-year-old grandma who is just online innocently chatting or e-mailing grandsons or granddaughters may download and execute one of these bots,” Sundermeier said. “If any trace routing is done, it comes back to her machine.”