Beware of the cyber crime boom

Security firm Sophos has seen a dramatic rise in the number of viruses, worms and Trojan horses this year as more organised criminals turn to cyber crime.

The firm reported last week that it had detected 7,944 new pieces of such malware in the first six months of this year - almost 60 per cent more than the same time last year.

The biggest growth was in Trojan horses - programs that can damage a user's files, steal information, or even create a backdoor which can be used to compromise a PC.

Trojans cannot self-propagate in the same way as viruses, so they have typically been less prevalent. According to Sophos, their increased popularity shows the extent to which the creation of malware is increasingly becoming the preserve of professional criminals.

Graham Cluley, senior technology consultant at Sophos, said: "There's been a shift towards Trojans to make money."

The IT security landscape has changed over recent months, with credit card fraud gangs, virus writing gangs, spammers and malicious hackers becoming more closely entwined, added Cluley.

One factor may be the anti-spam legislation that has been passed in many countries. Although these laws have been condemned as toothless in some quarters, Cluley claimed the legislation has helped to educate users to avoid unsolicited mail. As such, spammers have been forced to widen their activities.

2005 has seen several high-profile instances of businesses being hit by cyber crime. Back in March, it emerged that police had foiled an attempt to steal £220m from Sumitomo Mitsui Bank using keystroke loggers.

The top 10 viruses detected by Sophos so far this year all took advantage of flaws in Microsoft products, as virus writers target what Sophos calls "the great unwashed public".

But attacks directed at specific organisations could also take advantage of problems in other software, warned Cluley.

"We're also seeing vulnerabilities in Linux, Unix and Mac software too. No-one's perfect," he said.

Who are these mysterious organised criminals who have taken to writing viruses and launching cyber attacks? Cluley cited three gangs who he said epitomised the threat: HangUp, ShadowCrew and Superzonda.

Superzonda have been known to be a threat for at least the last two years.

The BBC reported in July 2003 that Superzonda operated 24 hours a day, seven days a week, all over the world. Cluley said of them: "Until recently they were sending 50 million spams a day but recent anti-spam legislation has reined them in."

The BBC also reported that Superzonda used British Airways without its knowledge to host a website advertising Russian mail-order brides.

HangUp, based in Russia, is suspected of writing viruses that steal financial information.

Reports claim they plant software bugs to steal passwords, and rent out huge networks to send viruses and spam. HangUp allegedly has 4,000 members operating worldwide, including Americans, Brazilians, Britons, Russians and Spaniards.

ShadowCrew were a massive underground network of criminals who bought and sold credit-card details, social security numbers and identification documents. They sold credit-card numbers, email accounts, passports, driver's licences and student IDs, and were estimated to have caused more than $4m (£2m) in losses for card issuers and banks.

However, the US Secret Service broke up the gang in 2004. Cluley said it was "great" that they had been smashed but warned that "they are now fractured" so it could be hard to keep track of individual offenders.

Alice Lander and Graeme Wearden write for ZDNet UK