Cybercriminals are increasingly fighting antivirus vendors and each other in pursuit of illegal gain, Kaspersky Lab said on Tuesday.
The antivirus company said that as profits from cybercrime grew during 2005, criminals increasingly tried to prevent antivirus firms from developing protection against the latest threats. Honeypots that collect samples of malware for antivirus companies were a prime target.
Criminals would use legions of zombie computers called botnets to bombard honeypot networks with data to hinder or stop them working, otherwise known as distributed denial of service (DDoS) attacks, according to Kaspersky's Malware Evolution: 2005.
"If the bad guys are aware of a network that looks suspicious because it's too unprotected — to lure bad code — they can take steps like launching DDoS attacks against that honeypot network. They can then launch other attacks simultaneously [against other targets]," said David Emm, senior technology consultant for Kaspersky.
Worms can also be programmed to avoid domains known to be monitored by antivirus companies.
"Criminals will employ whatever evasive techniques they can," said Emm.
Techniques increasingly used by cybercriminals over 2005 included creating their own packing mechanisms to compress malicious code, so that they can try to avoid detection by antivirus software. Malware creators also now routinely include code to either cripple antivirus updating mechanisms on infected machines or remove antivirus software completely, according to Emm.
Cybercriminals are also increasingly targeting each other to maximise financial gain, according to Kaspersky.
"It's like any kind of economic venture. Those that get smarter survive. Organised criminal structures are run as businesses, and they take over smaller guys," said Emm.
Kaspersky also said that cybercriminals often launch DDoS attacks against rivals to stop them from operating, and attempt to hijack each other's botnets. They also program their malware to attempt to disable any other malware that has already been installed on an infected PC.
"Criminals have realised that it is much simpler to obtain already infected resources than to maintain their own botnets or to spend money on buying parts of botnets which are already in use," Yury Mashevsky, a virus analyst at Kaspersky Labs, said in the report.
"In much the same way criminals attack innocent people, they will attack each other," Emm added.
Kaspersky also reported a five-fold increase in the amount of malware designed to steal financial information over 2005.
Talkback
So organized criminals dont want their viruses to end up in honeypots...why don't the antivirus companies simply take out several IP addresses connected to the major ISPs in each country and attach appropriate servers..that way if for example NTL customers came under attack, there is a very good chance that the honeypot would be attacked too....and if you decide to avoid an ISP because it has antivirus honeypots somewhere inside its network...then those customers are safe!
you could also make the penalty for writing and spreading virui worth while
It is no good hitting them in the wallet they just refill it from the procedes of yet more cybercrime no the punishment needs to be physical painfull harmfull and down right frightening and if that means frying someones nuts via satelite mounted lasers then so be it the net effect would be on the positive side .. fry'em all i say .