Click for larger view.
Many malware programs record user keystrokes, capture screen shots, look for passwords, and pass the users Web surfing through a remote proxy server, which can record every bit of data. Phishing, spam, and adware are only making the problem worse.
Criminal Bot Nets
Malware is also becoming much more targeted. A growing percentage of rogue programs include mechanisms such as keyloggers, which are designed to capture confidential information over a long period of time. Hackers design worms to create sophisticated bot networks that infect and control thousands of PCs a night to do their bidding. When the bot net is up and running, the hacker “rents” the malicious network to criminal groups or businesses skirting the letter of the law. They even advertise “The First Hour Is Free” sales.
Security professionals are trying to deal with this trend, but for every bot they remove from a compromised PC, another two are added in the same timeframe. The problem is so widespread that we now have a new malware category -- crimeware -- as formal recognition that malware now springs from professionals.
In its July 2005 newsletter, e-mail security vendor MessageLabs said, “the number and sophistication of targeted e-mail-borne attacks on businesses is rapidly increasing, with the potential to defraud businesses, steal intellectual property, and extort money. Analysis of MessageLabs Intelligence data revealed that over the past year there has been a gradual occurrence of targeted e-mail attacks against businesses and organizations.” The July 2005 newsletter from the Anti-Phishing Working Group warns that phishers “are moving away from some traditional larger targets and hitting a wider base of smaller financial targets.”