“Making money is increasingly becoming a motive for the bad guys,” explained Vincent Weafer, senior director of Symantec Security Response. The knock-on effect is that malicious hackers are likely to try to become more covert.
2004 has seen the continued creation via malware of massive botnets, networks of compromised PCs controlled by attackers. Access to botnets is said to be a tradable commodity, and they are used for profit-oriented criminal enterprise.
“The main reasons for these botnets are spam, extortion and denial-of-service attacks,” said Weafer. “It could be the beginning of the end of the mass mailer. If the intention is to create a botnet, they don’t want to do anything too flashy.”
A parallel trend will be that law enforcement could become increasingly involved in tracking down Internet criminals. “Now that profit is a motive, that makes it simpler to apply traditional law enforcement techniques,” he said.
“There’s real money, real victims and they can follow the money,” Weafer said. The rise in attacks against e-commerce sites, such as phishing attacks, will help law enforcement quantify the damage of malicious activity, he said.
Weafer also said that the narrowing gap between software vulnerabilities being found and exploit code being produced means we’ll see zero-day attacks. A zero day is an attack against a vulnerability that comes the same day as the vulnerability is widely disclosed.
The term is often also used to refer to attacks where the vulnerability is known but there is no fix available. The recent Iframe vulnerability in Internet Explorer, for example, was exploited by attackers to install Trojans on vulnerable PCs.
“We’ve seen zero-day exploits but we’ve not seen zero-day exploits that were used in network worms. The likelihood we’ll see one eventually is high,” Weafer said. A network worm using a zero-day and a destructive payload could cause massive problems.