6 new ways hackers are using malware
Malware, the malicious viruses and bugs employed by computer hackers to con and annoy, has become more prevalent in Canada than ever before, according to computer industry research.
In fact, the volume of malicious software detected in 2011 was up 41 per cent over the previous year, said Dean Turner, director of Symantec Intelligence Group.
At the same time, the complexity of computer viruses is also increasing. Long gone are the days when they were nuisances that scuttled Word documents.
"The long and short of it is that today's malware is incredibly sophisticated," said Turner, who estimated that 90 per cent of it is used for cybercrime, aimed at banks and businesses as well as personal computers.
Among the more prominent attack points these days:
Break into your (Android) phone
When it comes to today's smartphones, Malware is still a relatively new phenomenon but one that Turner says is growing rapidly.
There are currently 67 malware "families," groupings for malicious software, for mobile phones now, compared to fewer than 10 in January 2010, Symantec reports.
Turner notes that Android's open-source model for phone apps — compared to Apple's heavily vetted system —makes the Google devices a particular target.
"Trying to create malware for any mobile device is difficult," said Turner. "It's more about Trojan applications — apps purporting to be one thing but that are actually stealing your data.
"That's much more difficult to do in the Apple world than in the Android world."
In December 2011, Google removed 22 apps from the Android market on the grounds they were scamming users into paying premium SMS charges for texts.
Target you via social media
Social media is also proving to be fodder for hackers who use sites like Facebook and Twitter to target who they will send their malware to next.
In 2010, hackers found a loophole in Adobe's software and sent a number of golf-playing executives a malware-ridden pdf file claiming to contain tips from noted golf instructor David Leadbetter.
"Want to improve your score? In these golf tips, David Leadbetter shows you some important principles," the message read. Turner said that the executives were likely targeted because of social media profiles that highlighted their enthusiasm for golf.
Hold your computer ransom
"Ransomware" has emerged as a popular scam for small-time hackers. It typically involves holding a computer hostage with the threat to erase the data unless a payment is made.
The RCMP just issued a warning this week about the so-called Revton Trojan, a recent example of ransomware that freezes a computer and demands payment for a supposedly illegal activity.
In Canada, this malware was employed to freeze computers and send a pop-up message, purportedly from the Canadian Security and Intelligence Service claiming that the address had been linked to downloading child pornography and would remain frozen unless the user made a $100 payment through an online payment site.
Other variants of the scam have accused users of illegally downloading music, viewing pornographic videos or sending spam messages.
A Trojan is software that appears to be a legitimate program, but is in fact malware capable of stealing information or endlessly replicating itself.
Direct you to money-making sites for hackers
Another malware virus called DNSChanger may end up closing a portion of the internet for a time on July 9 as the FBI shuts down a series of servers deployed in the wake of a massive international fraud.
In November 2011, a two-year international investigation called Operation Ghost Click revealed that over 25,000 computers in Canada were infected with the DNSChanger virus.
The malware redirected web browsers to sites of the hackers' choosing and netted the scammers nearly $20 million over four years in "per-click" advertising revenue for those behind the virus, according to Paul Vixie, chairman and founder of the Internet Systems Consortium.
The virus originated in Estonia and was distributed through emails, websites and malware scripts.
The number of computers affected worldwide, estimated to be over 650,000 computers, was enough to convince the FBI to establish temporary "clean" DNS servers that would allow users of infected computers time to rid their computers of the virus and still access the internet. But those temporary servers go offline permanently on July 9.
Espionage
In 2010, a powerful virus known as Stuxnet targeted Iranian nuclear centrifuges, reportedly shutting down over 1,000 of the machines used to refine uranium.
Eight months later, a second virus known as Stars attacked the same country's nuclear facilities.
Then, two months ago, cybersecurity experts uncovered a worm capable of mining vast amounts of data from infected machines. Known variously as Flame, Flamer or Skywiper, the malware uses a variety of tactics to steal sensitive information, including, surveying network traffic, taking screenshots, including during instant messaging programs, recording audio conversations via an infected computer's internal microphone and collecting passwords.
Because of its sophistication and geographic targets, primarily in the Middle East, the malware is believed to be work of government spy agencies.
"Now we've found what might be the most sophisticated cyberweapon yet unleashed," Alexander Gostev wrote in May on the website of Kaspersky Lab blog. "Flame is one of the most complex threats ever discovered."
Hacktivism
While most malware is rooted in cybercrime, some hackers are increasingly attaching a political or activist message to their work.
"This is a pitched battle over the terrain of democracy on networks, freedom of expression in the internet age," Dwayne Winseck, a professor at Carleton University's school of journalism and communications, said to CBC News last year. "So it ain't gonna stop."
Data breaches in the name of a social or political cause were responsible for 58 per cent of stolen data in 2011, according to the Verizon 2012 Data Breach Investigations Report.
Recent high-profile incidents of hacktivism include the hacking of the websites for the U.S. Department of Justice and the FBI by the group Anonymous in January 2012, in response to the shutdown of the file sharing Megaupload; and the takeover of the Fox News politics Twitter account on July 4 (Independence day), 2011, in which hackers posted false tweets claiming President Barack Obama had been assassinated.
In October 2011, Anonymous claimed to have uncovered and taken offline more than 40 child pornography sites. The group also posted a list of over 1,500 of the sites' usernames.
Corrections
- In an earlier version of this story, Dean Turner's name was spelled incorrectly.Jul 06, 2012 11:18 AM ET