Follow the Money Trail

The SoBig.E and SoBig.F worms were created to open back door

access to infected computers. Those worms and others can update

themselves and contact predetermined servers to acquire new

instructions. A new trend in these worms includes the ability to

use hijacked computers as e mail servers to send spam without

the knowledge of the computers’ owners. And spam is perhaps the

least worrisome danger associated with back door control of infected

machines.

“There are still 400,000 to 500,000 computers infected,” said

Christopher Faulkner, CEO of C I Host, a company that provides

Internet hosting services. Given such a large base of infected

computers, the foundation already has been laid to carry out massive

malicious attacks.

“Spam is still prevalent — somebody must be making money,” said

Shema, who is also director of research and development at NT

OBJECTives, a provider of application and Web services security. “All

of this activity is motivated by money.” It is difficult to dismiss the

significance of discoveries made by several research groups that have

been monitoring Internet crime. For example, the Honey Net Project —

a nonprofit research organization of security professionals —

published a report describing how the organization has monitored

individuals trading or dealing with stolen credit card information

over the Internet.

The researchers found that criminals have developed highly

sophisticated mechanisms for distributing stolen credit card informa

tion “through specialized IRC channels and related Web sites”.

Indeed, Honey Net researchers discovered that automatic bots were

running on at least a dozen IRC channels to enhance the organized

dissemination of stolen credit card information.