Competition among cybercriminals fueling malware production

07/13/2011 | 04:54 PM

No thanks to competition among cybercriminals, malicious software appears to be developing at a rapid pace, a computer security firm said.

Kaspersky Lab said this appears to be the case with TDL-4, the latest TDSS botnet that can steal data while avoiding detection by antivirus software.

Malware expert Sergey Golovanov noted that the TDL-4's new capabilities include:

Having its own encryption method in communicating with other infected computers;

Use of peer-to-peer networks in sending commands; and

Creating a proxy server functionality that could allow cybercriminals to have undetectable, unlimited Internet access.

On the other hand, he said TDL-4 can also delete some 20 competing botnet products, including Gbot, ZeuS, and Optima.

“Such is the tenacity of the TDL-4 that it can even destroy other competing applications. This means that cybercriminals are fighting among themselves to secure their positions in the lucrative and illegal underground industry,” Golovanov said.

Kaspersky Lab experts estimate TDL-4 may have infected some 4.5 million computers worldwide in the first three months of 2011 alone.

They added cybercriminals may have spent $250,000 (P10.8 million) in creating a botnet with American users.

Golovanov and fellow expert Igor Sumenkov said the development of the TDSS will likely continue being a nightmare for end-users and computer security specialists.

Infecting 64-bit systems

Golovanov said another major new feature of TDL-4 is the possibility to infect 64-bit operating systems.

As it is, he said the TDSS itself installs around 30 utilities, including fake anti-virus programs and systems for increasing advertising traffic and distributing spam.

Competition among cybercriminals

Sumenkov, another Kaspersky Lab expert, said that competition is such that cybercriminals are heavily investing in both technology and manpower.

He said the TDL-4 also allows a proxy-server function, which cybercriminals use to offer anonymous access services, charging around $100 per month.

“The authors of the malware are not expanding the network of infected computers themselves; instead they pay third parties to do it. Depending on the particular terms and conditions, partners are paid from US$20 to US$200 for the installation of a thousand malicious programs,” Sumenkov said. — Source: TJD, GMA News
