Forget phish, start fumigating for RATs

Has phishing peaked?
Antivirus companies paint much the same picture.  Once upon a time, viruses written by fame-seeking malcontents were designed to infect as many computers as possible. Now, viruses are designed to infect the right computers and to do so quietly — all with the aim of spiriting off valuable data that can be used to steal money.

Three-quarters of all virus-like programs released to the Internet this year have been designed to steal personal information, said Oliver Friedrichs, a spokesman for Symantec Corp.  Last year, the rate was 36 percent.

In fact, there have been only five widespread virus attacks so far this year, down from 33 last year.

"Attackers are increasingly using new technology," he said. "It is a problem and people are being affected by it."

Why the shift to ratware? There is some evidence that phishing activity has finally peaked.  Jevans said the number of phishing attacks in September leveled off.  Consumers may have finally gotten the message that e-mails which appear to be from major financial institutions are often fakes; so criminals have upped the ante, shifting their attention to these more sophisticated methods that don't require a consumer mis-step.

The trend hasn't escaped the notice of law enforcement. In October, Dutch police announced the arrest of three men —including one teen-ager — who had allegedly amassed an army of 100,000 computers using a Trojan named Toxbot. And last week, the Federal Trade Commission and Microsoft announced a public education campaign around zombie computers.

But the would-be criminals, apparently, are bold. On one Web site that claims to sell such ratware, the list of program features sounds impressive. A few claims:

• "This kind of viruses grabbs {sic} all possible info from victims PC and sends it to the owner of the virus."
• "This technology shows how it's easy to make MS Windows think what there is no your program on PC. It makes program process invisible for Task Manager and other similar programs."
• "This technology shows few FireWalls leaks which allow to bypass notifications and rules while spyware application connecting to remote host. With this technology you can bypass about 70-80% of all personal FireWalls."

According to the site, the program sells for $650. Site authors didn't immediately respond to requests for information. While it's not clear that site is really selling anything, experts agree the technology is out there, and being used to attack consumers and computers.

New security technology takes up the fight
That's part of the reason federal regulators instructed banks last month to come up with new, better ways to authenticate consumers — methods that go beyond use of a simple user name and password that can easily be stolen. The Federal Financial Institutions Examination Council gave banks until next year to come up with improved methods.

Riess said Bank of America is already testing improved security in California. If a customer tries to access its site from a computer that's not their usual haunt, the Web site interrupts to ask a set of personal questions, such as "What was your first's pet's name?" The answers are supplied by the customer beforehand, when setting up the account.

Such personal questions wouldn't stop the most determined of criminals — with a RAT program installed, the criminal could have spied the answer months earlier — but would raise the bar against criminals that simply steal user names and passwords.

Dutch banking conglomerate ING has another anti-keystroke logging technology on its Web site. Consumers have to type their pins by clicking with their mouse on a number keypad displayed on a Web page. Such clicks can't be tracked by keyloggers.

But Gartner expert Litan says criminals have managed to stay one step ahead, and there's no reason they won't continue to up the ante. The next step for RAT programs is continuous screen capture, which would allow a criminal to watch every move a consumer makes online, as if peeking into the room with a video camera. The technology already exists, but it is bandwidth intensive -- a problem that's slowly disappearing as consumers sign up for higher-bandwidth services. ING's system would be easily foiled by continuous screen captures.

"If you put up a 10 foot wall, they're going to find an 11-foot ladder," says CardCops' Clements.  "And consumers don't even know this is going on."

Bob Sullivan is author of Your Evil Twin: Behind the Identity Theft Epidemic.

MORE FROM SECURITY

Security Section Front

Check your junk mail: Might have a contract in it FTC warns of increase in Internet scams Man indicted in hacking of Palin's e-mail Tiny flash drives improve their security Fake YouTube pages used to spread viruses EU proposes more rights for Internet shoppers Gmail 'Mail Goggles' stymie drunk e-mailing Fraud plagues prepaid calling card market GPS 'spoofing' could threaten national security Chinese snoop on Skype, but are they alone? Security Section Front   Add Security headlines to your news reader: