Sunday, December 07, 2008

Thieves Winning Online War, Maybe in Your PC

From nytimes.com (thanks Rick)

December 6, 2008

Thieves Winning Online War, Maybe in Your PC
By JOHN MARKOFF

SAN FRANCISCO — Internet security is broken, and nobody seems to know quite how to fix it.

Despite the efforts of the computer security industry and a half-decade struggle by Microsoft to protect its Windows operating system, malicious software is spreading faster than ever. The so-called malware surreptitiously takes over a PC and then uses that computer to spread more malware to other machines exponentially. Computer scientists and security researchers acknowledge they cannot get ahead of the onslaught.

As more business and social life has moved onto the Web, criminals thriving on an underground economy of credit card thefts, bank fraud and other scams rob computer users of an estimated $100 billion a year, according to a conservative estimate by the Organization for Security and Cooperation in Europe. A Russian company that sells fake antivirus software that actually takes over a computer pays its illicit distributors as much as $5 million a year.

With vast resources from stolen credit card and other financial information, the cyberattackers are handily winning a technology arms race.

“Right now the bad guys are improving more quickly than the good guys,” said Patrick Lincoln, director of the computer science laboratory at SRI International, a science and technology research group.

A well-financed computer underground has built an advantage by working in countries that have global Internet connections but authorities with little appetite for prosecuting offenders who are bringing in significant amounts of foreign currency. That was driven home in late October when RSA FraudAction Research Lab, a security consulting group based in Bedford, Mass., discovered a cache of half a million credit card numbers and bank account log-ins that had been stolen by a network of so-called zombie computers remotely controlled by an online gang.

In October, researchers at the Georgia Tech Information Security Center reported that the percentage of online computers worldwide infected by botnets — networks of programs connected via the Internet that send spam or disrupt Internet-based services — is likely to increase to 15 percent by the end of this year, from 10 percent in 2007. That suggests a staggering number of infected computers, as many as 10 million, being used to distribute spam and malware over the Internet each day, according to research compiled by PandaLabs.
Security researchers concede that their efforts are largely an exercise in a game of whack-a-mole because botnets that distribute malware like worms, the programs that can move from computer to computer, are still relatively invisible to commercial antivirus software. A research report last month by Stuart Staniford, chief scientist of FireEye, a Silicon Valley computer security firm, indicated that in tests of 36 commercial antivirus products, fewer than half of the newest malicious software programs were identified.

There have been some recent successes, but they are short-lived. On Nov. 11, the volume of spam, which transports the malware, dropped by half around the globe after an Internet service provider disconnected the McColo Corporation, an American firm with Russian ties, from the Internet. But the respite is not expected to last long as cybercriminals regain control of their spam-generating computers.

Complete article.