IHT : Malware Perpetrators Winning Security Arms Race
Sunday, December 7, 2008
Internet security is broken, and nobody seems to know quite how to fix it. Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to improve the security of its Windows operating system software, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread the software to other machines exponentially. Computer scientists and security researchers acknowledge that they cannot get ahead of the onslaught.

As more business, commerce and social life has moved onto the Web, gangs of elusive criminals thrive on an underground economy of credit-card thefts, bank fraud and other scams that rob computer users of an estimated $100 billion a year, according to a conservative estimate by the Organization for Security and Cooperation in Europe. A single Russian company that sells fake antivirus software, which actually takes over a computer, pays its distributors as much as $5 million a year. With vast resources from stolen credit card and other financial information, the cyberattackers are handily winning a technology arms race. “Right now the bad guys are improving more quickly than the good guys,” said Pat Lincoln, director of SRI International’s Computer Science Laboratory.

A well-financed computer underground has built a major advantage by working in countries that have global Internet connections but ineffectual law enforcement agencies that have little appetite for prosecuting offenders who are bringing in significant amounts of foreign currency. That was driven home late last month when RSA Fraud Action Research Lab, a security consulting group, reported that it had discovered a cache of a half-million credit-card numbers and bank-account log-ins, all of which had been clandestinely harvested by a large network of zombie computers remotely controlled by an underground online gang.
In October an independent group of researchers at the Georgia Tech Information Security Center in Atlanta reported that the percentage of online computers infected by such robot networks, or botnets, was likely to increase to 15% by the end of this year from 10% in 2007. That suggests a staggering number of infected computers. About 10 million robot computers are being used to distribute spam and malware over the Internet each day, according to research compiled by Panda Labs.
Security researchers acknowledge that their efforts are largely an exercise in the game of whack-a-mole, to a large extent because botnets that distribute spam, trojans and viruses are still relatively invisible to commercial antivirus software. A research report by Stuart Staniford, chief scientist of FireEye, a Silicon Valley computer security firm, indicated that in recent tests of 36 commercial antivirus products, less than half of the most recent malicious software was identified.

There have been some recent successes, but they are short-lived. On Nov. 11, the volume of spam, which transports the malware, dropped by half around the globe after McColo, an American company with Russian ties, was disconnected from the Internet. But spam levels rose again as a new connection was established through Hong Kong. The malware has consistently evolved and now programs can be targeted to hunt for a specific type of information – including any kind of personal information stored on a personal computer – or for certain documents…

The sophistication of the programs has begun in the past two years to give them almost lifelike capabilities. For example, malware programs now infect computers and then routinely use their own antivirus capabilities to not only disable antivirus software but remove competing malware programs. Recently, Microsoft anti-malware researchers disassembled an infecting program and were stunned to discover that it was programmed to turn on the Windows Update feature after it took over the user’s computer. The infection was ensuring that it was protected from other criminal attackers. And there is more of it. Microsoft has monitored a 43% jump in malware removed from Windows computers just in the past half year…

The U.S. government has begun to recognize the extent of the problem. In January, President George W. Bush signed National Security Presidential Directive 54 establishing a clandestine national cybersecurity initiative.
The plan, which may cost as much as $30 billion over seven years, is directed at securing the U.S. government’s own computers as well as the systems that run the United States’ critical infrastructure, like oil and gas networks and electric power and water systems. That will do little, however, to help protect businesses and consumers who use the hundreds of millions of Internet-connected personal computers and cellphones, the new target of the criminals. Beyond the billions of dollars lost in stolen money and data is another, deeper impact. Many Internet executives fear that basic trust in what has become the foundation of 21st-century commerce is rapidly eroding.
… It is a vastly different world than 20 years ago when the first worm was inadvertently unleashed by a 24-year-old Cornell University graduate student. It wreaked havoc through the Internet, then located almost exclusively in the United States and composed of just 60,000 computers. Written by Robert Tappan Morris, now a respected computer scientist at the Massachusetts Institute of Technology, the worm contained a small design error that led the program to replicate explosively and ultimately jam many of the computers on the Internet.

“Modern worms are stealthier and they are professionally written,” said Bruce Schneier, chief security technology officer for British Telecom. “The criminals have gone up-market and they’re organized and international, because there is real money to be made.”

The cybercriminals appear to be at least as technically advanced as the most sophisticated software companies. And they are faster and more flexible. As software companies have tightened the security of the basic operating systems like Windows and Macintosh, attackers moved on to Web browsers and Internet-connected programs like Adobe Flash and Apple QuickTime. This has led to an era of so-called drive-by infections, where users are induced to click on Web links that are contained in e-mail messages. Cyber-criminals have raised the ability to fool unsuspecting computer users into clicking on intriguing messages to a high art.

Researchers note that the global cycle of distributing security patches inevitably plays to the advantage of the attackers, who can continually hunt for and exploit new back doors and weaknesses in systems. This year, computer security companies have begun shifting from traditional antivirus program designs, which are regularly updated on subscribers’ personal computers, to Web-based services that can be updated even faster. “This is always an arms race. As long as it gets into your machine faster than the update to detect, the bad guys win,” Schneier said. Security researchers at SRI International are now collecting more than 10,000 unique samples of malware daily from around the globe…