The worm wars
Beginning in the early part of 2004, malware authors vying for dominance launched a very public battle for control of PCs. These worm wars started with the arrival of Netsky.B in February 2004. Netsky.B attempted to remove variants of the January 2004 MyDoom worm. By March, a virtual online battle was being waged between the authors of MyDoom, Netsky, and Bagle. A text string in Bagle.J issued a warning to the Netsky author, "Hey,NetSky, f*ck off you b*tch, don't ruine our bussiness, wanna start a war?"
Arrested development
While the Bagle worm author may have had money as a motive (several Bagle and MyDoom variants have been implicated in spam proxies and botnets), the author of Netsky had no such ambition. Arrested in May 2004, the German teenager Sven Jaschan – who also wrote the destructive Sasser worm – created his worms simply because he could. Ironically, the person who turned Jaschan in to authorities was motivated by cash - a $250,000 bounty from Microsoft, to be exact.
Other virus writers arrested in 2004 included Kim Vanvaeck a.k.a. Gigabyte - a female virus writer with a penchant for media attention, and Alex G – the alleged author of the insidious Agobot a.k.a. Phatbot Trojans. The April to August Operation Web Snare resulted in the conviction of 53 criminals and over a hundred arrests for activities ranging from hacking and counterfeit software, to phishing and identity theft.
Also in August, Nicholas Tombros was arrested for CAN-SPAM violations. Tombros was dubbed the ‘drive-by spammer’ after it was disclosed that he allegedly sent the spam using unsecured Wi-Fi connections he discovered while driving. In October, a self-proclaimed reformed spammer, Sanford Wallace, faced charges from the FTC for allegedly forcing spyware onto users’ PCs and then pushing pop-up ads selling anti-spyware programs to remove it.
Gainful employment
Some malware authors found gainful employment in 2004. The Czech company Zoner Software hired Benny, a former member of the 29A virus-writing group, as the main developer for their intended Zoner Antivirus product. Likewise, the German-based security firm SecurePoint provided the Netsky author with a job shortly after his arrest. Since the skill set for writing viruses is vastly different than the skill set required for developing antivirus solutions, one has to wonder whether the hirings were merely marketing attempts to gain attention for these little known companies. In any case, would you buy a security solution from someone who gets a rush from writing malicious code? Would you trust it? Could you?
Scams, shams, and fraud
Phishing scams continued in high gear throughout 2004, using email cleverly disguised as correspondence from legitimate financial institutions in an attempt to gain sensitive account details. The notorious Nigerian 419 schemes and International Lottery scams also flourished throughout 2004, proving that formerly brick and mortar snake oil salesmen have fertile hunting grounds on the Internet.
Also prevalent throughout 2004, spyware, email with links pointing to booby-trapped websites, and huge volumes of spam affected much of the online community. Rather than risk losing online consumers, ISPs began offering free antivirus and security suites and some antivirus vendors expanded their protection to include spam filtering, firewalls, spyware detection and a host of other security features.
You – not your computer – are most at risk
Perhaps the most important lesson learned in 2004 is that malware should not be considered a prank. The stereotypical repressed male teenager writing viruses for fun is now more myth than reality. Today’s threats have their roots in organized crime. Whether to make profit from spam or to steal your identity, the virus that hits your computer tomorrow can impact your pocketbook long before you realize it has impacted your PC. Tomorrow’s threats take the worry far beyond lost data – and into the realm of irreparably damaged credit and outright identity theft. Are you prepared?