How to Steal Money with a Virus
By Fernando de la Cuadra, Panda Software
From IT Observer
When talking about the Internet and associated technology, it
is quite common to talk about cyberspace. A parallel universe,
virtual and intangible, in which everything that exists in the
real world can exist through a cable. Modern technologies have
enabled the creation of this digital world in which any experience
is possible.
We are surrounded by devices that can enable everyday activities
to be carried out on the Web. Work, personal relations, business,
leisure... there are few activities in 2006 outside the scope
of the Internet. Perhaps we could demand that technology advances
towards the transmission of physical senses beyond simply sight
and hearing. Smell, taste and touch have not really been explored
to complete our sensory experience in the way that, say, home
cinema caters for our audio and visual senses. I don't believe
we'll have to wait long in this area, in particular with respect
to touch. The pornography industry will soon make its move in
this direction, as gradually everything ends up having its counterpart
on the Internet.
However, more sinister aspects of real life are also bridging
the digital divide. Cyberspace is adopting not just the positive
advances of humanity, but also the most negative aspects of
our society.
Many experts would date the start of personal computing on a
massive scale back to 1981, with the introduction of the first
IBM PC systems. And along with the popularization of the PC
came computer viruses. A wave of malicious code saturated systems.
Yet even infections that were then considered disastrous
(Jerusalem, Michelangelo…) gave little insight into what would
happen some years later, when the Web became a mirror of the
real world. If at some time viruses were considered the first
form of cyber life, this life form has evolved at a dangerous
rate.
The authentic creators of malicious code initially created viruses
as a hobby, and now they are genuine professionals earning serious
sums of money. And how is it possible to earn money with a virus?
If we continue to understand the concept of a virus as it was
some years ago, evidently there is no financial return. Destruction
for the sake of destruction, propagation of malicious code as
an objective in itself has no benefit to anyone. Nevertheless,
a small twist in the creation of the code has started to make
this a profitable economic activity.
The shift from real to virtual life is also affecting malicious
code. The creators of malware are now showing an interest in
cyber crime. Illegal activities are now as much a part of the
Internet as e-commerce, the sale of concert tickets or online
newspapers.
Take the following example. A user visits a web page and a window
appears asking for her consent to install a small program (spyware).
According to the web page, this is a special content viewer.
In reality, this program will spy on the user's Internet movements
so that the adverts displayed on certain sites coincide with
her lifestyle. Advertising agencies will charge more for this
targeted advertising, bearing in mind that as they know the
habits of the person, they know they are a potential client
of the advertised product.
In this case the user is being robbed, even though she doesn't
realize. Her privacy when using the Internet has been invaded;
she is no longer anonymous. And although many Internet users
will not feel this is important, it is just the first step.
The next step is clear. If a programmer can spy on somebody's
Internet movements, why not go one step further and spy on online
banking operations? On banking websites users enter login details
and passwords which if known would make theft a simple task.
A keylogger registers keystrokes and sends them to a hacker.
Quick and simple: another victim of fraud.
Malware creators already know that they can get money out of
users… so now they need more. And that's what they will do,
despite the obstacles we put in their path, as the amount at
stake is considerable. Firstly, they will try to trick users
into 'voluntarily' revealing the information they need. Phishing
is oriented towards using subtle tricks to get users to send
their details to the fraudsters who then use them to access
bank accounts, etc. From simple e-mail passwords to credit card
numbers, cyber crooks will try to entice the less-informed and
more vulnerable users to fall for their scams.
Secondly, they have to fight against security companies. As
fraud techniques evolve, so do security systems designed to
prevent users from being affected. But until very recently,
antivirus protection systems were fighting against a factor
that was impossible to control: time.
When a virus took months to spread across a country, reaction
time was not a fundamental problem. But the Internet has allowed
viruses to spread at incredible speeds, and classic protection
systems are no longer viable.
Viruses, spyware, keyloggers, phishing… Each of these threats
represents a serious danger that has created the need for new
protection systems. Obviously the best thing would be to have
an expert on hand all the time to differentiate between good
and bad code, and so, in this virtual world, we can also virtualize
these experts.
Today's security technology allows us to detect when we are
suffering the consequences of malicious code. Given that these
codes will always carry out a series of typical actions, these
actions can be detected with sufficient time to stop the malicious
program. This means that even if the program is unknown (i.e.,
a traditional antivirus cannot detect it), it is possible to
prevent the consequences of this program.
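
The behaviour-based detection described above can be sketched as follows. This is an added example, not code from the article or from any Panda Software product: it scores each process by the actions it performs and stops it once the score crosses a threshold, without needing a signature for the program. The action names, weights, threshold and event stream are all constructed for illustration.

```python
from collections import defaultdict

# Constructed weights for illustration; a real product tunes these empirically.
WEIGHTS = {
    "keyboard_hook": 40,      # intercepts keystrokes typed into other programs
    "autostart_write": 20,    # arranges to be started again at every boot
    "hidden_file_write": 15,  # stores data in a hidden file
    "outbound_connect": 25,   # opens a connection to a remote host
}
BLOCK_THRESHOLD = 70  # constructed value

# Constructed event stream: (process, observed action), in time order.
EVENTS = [
    ("browser.exe", "outbound_connect"),
    ("viewer.exe", "autostart_write"),
    ("viewer.exe", "keyboard_hook"),
    ("chat.exe", "keyboard_hook"),        # e.g. a global hotkey
    ("viewer.exe", "hidden_file_write"),
    ("viewer.exe", "outbound_connect"),   # would be the upload of the keystrokes
    ("chat.exe", "outbound_connect"),
]


def monitor(events, weights=WEIGHTS, threshold=BLOCK_THRESHOLD):
    """Score each process by the distinct actions it performs.

    Returns (blocked, scores): blocked maps a process to the index of the
    event at which it crossed the threshold and was stopped.
    """
    scores = defaultdict(int)
    seen = defaultdict(set)
    blocked = {}
    for index, (proc, action) in enumerate(events):
        if proc in blocked:
            continue  # already stopped: later actions never execute
        if action not in seen[proc]:
            seen[proc].add(action)
            scores[proc] += weights.get(action, 0)
        if scores[proc] >= threshold:
            blocked[proc] = index
    return blocked, dict(scores)


if __name__ == "__main__":
    blocked, scores = monitor(EVENTS)
    for proc, score in sorted(scores.items()):
        state = f"blocked at event {blocked[proc]}" if proc in blocked else "allowed"
        print(f"{proc:12} score={score:3} {state}")
```

In this constructed stream the fake "viewer" is stopped before its outbound connection takes place, while the chat client, which shares two of the same actions, stays below the threshold.
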
Thanks to this type of protection, theft of information can
be prevented. We are no longer talking about a Word file containing
your grandmother's recipes. We're talking about access to current
accounts and possible financial ruin due to inadequate protection
levels.
Source:
IT Observer. The original article appeared here