A report published this week by Kaspersky Labs discusses the increasing confrontations between virus writers and the anti-virus industry. The internal wars between malware authors was also under inspection.
The report, entitled Malware Evolution 2005, Part II, believes cyber-criminal trends are changing. It deduces that a spike in malware-based activity indicates criminals are being driven my greed, rather than glory.
Kaspersky states cyber-crooks are watching the anti-virus industry as closely as they are being watched. One example being their use of multi anti-virus scanners, which test new modifications of existing malicious programs against vendors` anti-virus databases prior to release.
Spy vs spy
Although profit-driven attacks are on the rise, the report also states "existing groups (of hackers) are banding together, and new groups are emerging". Simultaneously, it is evident virus writers are turning against each other. The days of hacker camaraderie brought on by suckering people and pointlessly harming machines are long gone.
Virus writers are turning against each other.
Ilva Pieterse, ITWeb contributor
According to the report, some malware authors create programs to destroy software created by rival groups, allowing an unchallenged malicious infection on a PC. There`s obviously no sharing when it comes to money, even if it`s someone else`s.
Also worth a mention are the increasing number of attacks on government organisations, including government-owned banks, e-trading portals and the military. Hacking financial institutions and mobile devices, however, continues to be a cyber-criminal`s favourite past-time, the report concludes.
Mobile beware
On the subject of mobile, The Economist conducted a survey on mobile security for California-based anti-virus company Symantec. Of the 250 executives questioned, 82% agreed damage from virus attacks is the same, if not greater, on a mobile network than on a fixed one.
However, while 81% are up to scratch with their laptop security, only 26% have addressed security risks on smart phones.
Only 9% have deployed an in-depth security architecture that includes mobile device access, and 20% have lost money to mobile-specific attacks. Western Europe, with 55% of respondents having deployed security software to protect their mobile data, is best prepared, compared with Asia-Pacific (44%) and North America (36%).
Nash on IE
Microsoft`s security business and technology unit VP Mike Nash might be stepping aside, but for now he is still addressing IE security concerns on Microsoft`s security response centre blog.
Among other things, he acknowledged last week`s createTextRange flaw, which sent many into a panic and had third-party anti-virus firms coming up with temporary fixes. According to Nash, there is a chance that the next IE patch might be released before its scheduled date of 11 April.
Quick fixes
One of this week`s fixes include McAfee`s patch up of the WebShield flaw. WebShield scans incoming e-mail, including attachments, for malevolent content. The flaws were being used by hackers to send malicious code to certain memory locations and alter the execution of the application.
Another big fix this week is for Apple`s Mac OS X flaw. The flaw can be exploited by attackers to bypass firmware passwords.
"Intel-based Macintosh computers support the firmware password feature," Apple said. "Prior to this update, a person with physical access to the computer could bypass the firmware password and access single-user mode."
Sources used: SearchSecurity, The Register
Share