Most “Malware” is now “Crimeware”

Computer viruses, Trojans, and worms have evolved a great deal since their inception in the 1970s.  Malware was originally the province of pranksters and glory seekers, then of anarchists trying to see how much damage they could cause; the new generation of malicious hackers is in it for the money.

The first widespread virus outbreak occurred in 1982 and was known as “Elk Cloner.”  At every 50th boot, it would display a humorous poem, but was otherwise harmless.  Since then there have been many viruses and variants that caused no intentional damage to hardware or software, but at various or random intervals would display jokes, political messages, or humorous (to the virus authors, at least) messages.  Such “harmless” malware can still be disruptive though, by clogging networks, slowing system performance, and consuming storage space.

It wasn’t long after that first widespread outbreak that virus technology attracted a more despicable breed of hacker, those who create malware with intentionally destructive capabilities.  A prime example is the Jerusalem virus launched in 1987.  It was designed to destroy all executable program files every Friday the 13th.  This virus spawned a large number of variants which activated on different dates and created numerous symptoms – some intended and others accidental – but the majority of them, like the original, deleted or destroyed executable programs.  The motivations behind these attacks are perplexing because the destruction of resources seems pointless.  The question, “Why don’t these programmers put their skills to more productive use?” seems to have inspired the current mindset among malware authors, although not in the direction we would have liked.

While the pranksters and anarchists may still be around, of much greater concern these days is the alarming prevalence of viruses, Trojans, and worms whose creators are financially motivated, with connections to illegal gangs and organized crime.  Hence the coinage of the term “crimeware.”  Far from trying to make the most dramatic impact possible, as was the case with the original malware, crimeware attempts to conceal its presence completely, avoiding detection for as long as possible.  Indeed, hundreds of thousands – even millions – of PCs and servers are infected at any given time, in most cases without the knowledge of their owners.  Crimeware employs a number of techniques to allow it to run in stealth mode.  Rootkits, for example, install themselves deep within an operating system and redirect standard system calls so that their processes run invisibly.  This makes it difficult even for antivirus and other security programs to detect and remove them.

Crimeware, as the name implies, exists to help its authors perpetrate crimes such as identity theft, fraud, financial scams, theft of intellectual property and industrial secrets, and unauthorized access to confidential information.  Keyloggers, often delivered via a virus or worm, capture users’ keystrokes and transmit them to criminals, who in turn analyze the data to discover passwords and security phrases.  Why risk getting shot while robbing a bank, when one can simply use a stolen password and electronically clean out someone’s bank account?

As bad as this kind of crimeware is, there is one more trend that is even more disturbing.  Using worms, viruses, and Trojans, crimeware authors have been deploying agents which give them remote control over infected machines.  The average size of networks of such infected machines (referred to as “botnets”) is about 20,000 computers, but some have reportedly numbered in the millions.  Botnets give their criminal perpetrators control over enormous computing power heretofore unavailable except to agencies with access to super-computers.  They harness this power to launch phishing and denial-of-service attacks, send out massive amounts of spam, crack passwords, and perpetrate other types of internet crime.  Botnet controllers have gone so far as to create complete business models, licensing segments of their botnets to members of organized crime and other criminal elements for targeted attacks on specific businesses, government agencies, or market segments.  Sometimes these “services” come complete with technical support!

As an indication of just how serious the impact of crimeware is these days, the FBI recently issued a press release where they state that crimeware in general and botnets in particular represent “a growing threat to national security, the national information infrastructure, and the economy.”

49% of Americans not protected against viruses

According to a recent study by McAfee and the NCSA, 92% of Americans believe they are protected by anti-virus software with definitions that have been updated within the last week.  But according to the paper, only 51% actually had definitions updated within the last week.  They also found that 36% had a disabled firewall, 45% didn’t have anti-spyware installed, and only 12% of Americans had anti-phishing software installed.  Anti-spam protection came in at around 21% of the users sampled.  Overall, they report that less than one in four Americans is fully protected against viruses and malware.  Of the people sampled, 87% store important personal data like financial information, health records, resumes, and personal emails on these computers, and 88% of those sampled go online for their banking, stock trading, or personal medical information.

Is your anti-virus vulnerable?

In a recent test, major anti-virus products were put into a lab environment and tested to see whether they could be hacked using different exploits and even hardware.

Many threats today focus on disabling anti-virus and security systems such as software firewalls. What good is running the latest and greatest anti-virus program when it has been disabled?

This brings us to the winner of the test, and our personal favorite: Kaspersky, which took the Gold Self Protection Award by successfully defending against 32 out of 33 malicious attempts to disable or otherwise hinder the anti-virus product. Below are the top three results:

1) Kaspersky Internet Security 7

2) VBA Anti-Virus 3.11; Symantec Internet Security 2007; F-Secure Internet Security

3) ZoneAlarm Internet Security 7; Trend Micro PC-Cillin

Kaspersky Advances Internet Security

Kaspersky Lab Advances Internet Security with New “Triple Threat” Protection Products

New Kaspersky Anti-Virus 7.0 and Kaspersky Internet Security 7.0 combine top-rated hourly anti-malware signature updates, advanced proactive heuristics and real-time behavior blocking

(Woburn, MA) – August 1, 2007 – Kaspersky Lab, a leading developer of Internet threat management solutions that protect against viruses, spyware, hackers and spam, today introduced the newest versions of its flagship consumer and small office products – Kaspersky® Anti-Virus 7.0 and Kaspersky® Internet Security 7.0.

Version 7.0 builds on the foundation of Kaspersky’s award-winning version 6.0 antivirus engine, which earned the worldwide recognition of both advanced IT users and millions of consumers. Kaspersky Anti-Virus 7.0 includes premium-level protection against viruses, Trojans, worms, spyware, adware, rootkits and keyloggers. Kaspersky Internet Security 7.0 offers all this and additional protection against phishing and spam, the integration of a sophisticated firewall, plus privacy and parental controls.

Kaspersky Anti-Virus

Triple Threat Protection – Kaspersky Anti-Virus 7.0 (KAV) and Kaspersky Internet Security 7.0 (KIS) both offer the same comprehensive three-point protection concept developed by Kaspersky Lab against known and unknown threats. Triple Threat Protection combines three advanced approaches for defending against today’s Internet threats and for effectively combating programs designed to steal financial and confidential data stored on a computer.

Automated Hourly Anti-Malware Updates – Kaspersky Lab is known for its top detection rate and its rapid response time to new Internet threats. As in previous versions, 7.0 automatically updates a user’s anti-virus signature database hourly. An update size of ~50Kb makes the updates exceptionally small and virtually unnoticeable.

Proactive Heuristic Analysis – In the event of an attack that the signature database does not currently defend against, Kaspersky acts proactively to isolate and analyze the unknown program for potentially malicious behavior before it gains access to the computer.

Real-Time Behavior Blocking – Version 7.0 also offers a third line of defense by analyzing all processes running on the system, alerting the user to any suspicious and potentially dangerous behavior from an application. If any changes are made maliciously, Version 7.0 can automatically roll the computer back to the state prior to the attack.

Kaspersky Internet Security

Kaspersky Internet Security 7.0, the integrated solution that protects home users from all types of online threats, also includes a number of improvements that greatly enhance its functionality and protection capabilities:

Privacy and Parental Control – The new Parental Control module, which includes a linguistic analyzer and a blacklist of forbidden Web addresses, allows parents to control their children’s Internet browsing by blocking access to portals that display violence, pornography and drug propaganda. Additionally, a new Privacy Control module protects confidential data and prevents the theft of potentially lucrative personal information, including email addresses, passwords, bank details and credit card numbers.

Because Kaspersky Internet Security 7.0 includes components that protect against all common IT threats, the solution can be used to protect the infrastructure of small businesses that have a small number of computers, for which deployment of sophisticated corporate IT security solutions is not cost effective.

Enhanced User Interface – Although the functionality and protection provided by both new Kaspersky Version 7.0 products have been significantly enhanced, these products are even easier to manage than their predecessors. Sporting a new user interface, Kaspersky 7.0 is very intuitive for even inexperienced users to install, configure and use.

Certified for Windows Vista – Kaspersky Anti-Virus 7.0 and Kaspersky Internet Security 7.0 were developed with Microsoft Windows Vista in mind and are compatible with 32-bit and 64-bit versions of the operating system. The products have been awarded the Certified for Windows Vista logo. The products’ interfaces match Microsoft Windows Vista in style and fit well into the operating system’s visual environment.

Pricing and Availability – Kaspersky Anti-Virus 7.0 and Kaspersky Internet Security 7.0 are currently available for purchase at www.lexansystems.com/store. These products will be available in retail wherever computer security software is sold in both the U.S. and Canada.

Kaspersky Anti-Virus 7.0 is priced at $59.95. Kaspersky Internet Security 7.0 is priced at $79.95, and KIS 7.0 can be installed on up to three PCs.

Users with a current license to Kaspersky Version 6.0 can upgrade free of charge.

Quote:

Randy Drawas, Vice President, Marketing, Kaspersky Lab

“The number of daily new malicious threats detected in our Lab is growing at an unprecedented rate. And as people continue to store more valuable information on their computer – photos, music or personal information – and as they shop and bank more online, they require automated and robust security they can trust. Our new seventh-generation security solutions just re-upped on our promise to keep our customers safe. Triple Threat Protection seriously raises the bar that cybercriminals have to scale, all while minimally impacting our users’ computing experience.”