Virus Wars Episode II

We all remember last year’s cyber wars between the authors of Bagle, NetSky and Mydoom. That particular war is over. But was it a fluke or merely the first war between virus writers going commercial?

Just last week, when I was at CeBIT, I talked about new cyber wars. What do I mean? Cyber space is limited only by the number of machines connected to the Internet: some are protected well, but some are not – they are ‘infectable’. What happens when cyber criminals infect most or all potentially vulnerable machines?

For example, take a computer with a spam proxy Trojan infection. Someone is making money from this infected machine. Then imagine the same machine with 10 proxy Trojans installed. Will the Internet connection be good enough to support 10 different spammer bots? Probably not. So what will spammers do to continue making money? Exactly: they will remove competitors.

And this is happening every day now. We’ve just detected a new Proxy Trojan – Trojan-Proxy.Win32.Small.bi, which removes a number of exe files with Trojan-like names prior to installation.

We’re seeing adware controllers do the same thing. More and more of the adware samples we receive in our Virus Lab begin by removing competitor adware before installation on the system.

Two different cyber battles already. Hacker/spammer groups are fighting each other. What next?

My prediction would be that after the smaller gangs fight it out among themselves, the winners will absorb the losers and we will see several well organized and large e-gangs emerge instead of the dozens of small groups we have today. Yet another step in the direction of organized cyber crime.
