WHO WRITES MALICIOUS PROGRAMS AND WHY?

Virus writers fall into four broad groups: two kinds of cyber-vandals and two kinds of more serious programmers.

Cyber Vandals

  • Stage 1 – In the past, most malware was written by young programmers: kids who had just learned to program and wanted to test their skills. Fortunately, most of these programs did not spread widely; the majority of such malware died when disks were reformatted or upgraded. Viruses like these were not written with a concrete aim or a definite target, but simply so that their writers could assert themselves.
  • Stage 2 – The second largest group of malware authors was young people, usually students. They were still learning to program, but had already made a conscious decision to devote their skills to virus writing. These were people who had chosen to disrupt the computing community by committing acts of cyber hooliganism and cyber vandalism. Viruses authored by members of this group were usually extremely primitive, and the code contained a large number of errors.

However, the development of the Internet provided space and new opportunities for these would-be virus writers. Numerous sites, chat rooms and other resources sprang up where anyone could learn about virus writing: by talking to experienced authors and downloading everything from tools for constructing and concealing malware to malicious program source code.

Programmers

  • Professional virus writers – And then these ‘script kiddies’ grew up. Unfortunately, some of them did not grow out of virus writing. Instead, they looked for commercial applications for their dubious talents. This group remains the most secretive and dangerous section of the computer underground: they have created a network of professional and talented programmers who are very serious about writing and spreading viruses. Professional virus writers often write innovative code designed to penetrate computers and networks; they research software and hardware vulnerabilities and use social engineering in original ways to ensure that their malicious creations will not only survive, but also spread widely.
  • Virus researchers: the ‘proof-of-concept’ malware authors – The fourth and smallest group of virus writers is rather unusual. These virus writers call themselves researchers, and they are often talented programmers who devote their skills to developing new methods for penetrating and infecting systems, fooling antivirus programs and so forth. They are usually among the first to penetrate new operating systems and hardware. Unlike the professionals, these virus writers are not writing viruses for money but for research purposes. They usually do not spread the source code of their ‘proof-of-concept’ viruses, but do actively discuss their innovations on Internet resources devoted to virus writing. All of this may sound innocent or even beneficial. However, a virus remains a virus, and research into new threats should be conducted by people devoted to curing the disease, not by amateurs who take no responsibility for the results of their research. Many proof-of-concept viruses can turn into serious threats once the professional virus writers gain access to them, since virus writing is a source of income for that group.

Why write viruses?

  • Fraud – The computer underground has realized that paid-for Internet services, such as Internet access, email and web hosting, provide new opportunities for illegal activity, with the additional satisfaction of getting something for nothing. Virus writers have authored a range of Trojans which steal login information and passwords to gain free access to other users’ Internet resources. The first password-stealing Trojans appeared in 1997: the aim was to gain access to AOL. By 1998 similar Trojans had appeared for all other major Internet service providers. Trojans stealing login data for dial-up ISPs, AOL and other Internet services are usually written by people with limited means to support their Internet habit, or by people who do not accept that Internet resources are a commercial service like any other and must therefore be paid for. For a long time, this group of Trojans constituted a significant portion of the daily ‘catch’ for antivirus companies worldwide. Today, their numbers are decreasing in proportion to the decreasing cost of Internet access. Computer games and software license keys are another target for cyber fraud. Once again, Trojans providing free access to these resources are written by and for people with limited financial resources. Some hacking and cracking utilities are also written by so-called ‘freedom fighters’, who proclaim that all information should be shared freely throughout the computing community. However, fraud remains a crime, no matter how noble the aim is made out to be.
  • Organized Cybercrime – The most dangerous virus writers are individuals and groups who have turned professional. These people either extract money directly from end users (either by theft or by fraud) or use zombie machines to earn money in other ways, such as creating and selling a spamming platform, or organizing DoS attacks, with the aim here being blackmail. Most of today’s serious outbreaks are caused by professional virus writers who organize the blanket installations of Trojans to victim machines. This may be done by using worms, links to infected sites or other Trojans.
  • Bot Networks – Currently, virus writers either work for particular spammers or sell their wares to the highest bidder. Today, one standard procedure is for virus writers to create bot networks, i.e., networks of zombie computers infected with identical malicious code. In the case of networks used as spamming platforms, a Trojan proxy server is installed on each victim machine. These networks number from a thousand to tens of thousands of infected machines. The virus writers then sell these networks to the highest bidder in the computer underground, where they are generally used as spamming platforms. Hacker utilities can be used to ensure that these networks run efficiently: malicious software is installed without the knowledge or consent of the user, adware programs can be camouflaged to prevent detection and deletion, and antivirus software may be attacked.
  • Financial Gain – Apart from servicing spam and adware, professional virus writers also create Trojan spies which they use to steal money from e-wallets, PayPal accounts and/or directly from Internet bank accounts. These Trojans harvest banking and payment information from local machines or even corporate servers and then forward it to the master.
  • Cyber Extortion – The third major form of contemporary cybercrime is extortion, or Internet rackets. Usually, virus writers create a network of zombie machines capable of conducting an organized DoS attack. Then they blackmail companies by threatening to conduct a DoS attack against the corporate website. Popular targets include stores, banking and gambling sites, i.e., companies whose revenues are generated directly by their online presence.
  • Other Malware – Virus writers and hackers also ensure that adware, dialers, utilities that redirect browsers to pay-to-view sites and other types of unwanted software function efficiently. Such programs can generate profits for the computer underground, so it is in the interests of virus writers and hackers to make sure that these programs are not detected and are regularly updated. In spite of the media attention given to young virus writers who manage to cause a global epidemic, approximately 90% of malicious code is written by the professionals. Although all four groups of virus writers challenge computer security, the group which poses a serious and growing threat is the community of professional virus writers who sell their services.

Best Anti-Virus Application that we have tested and used

Years ago, viruses and Trojans were much simpler in their methods. They mostly exploited vulnerabilities in operating systems, browsers and applications because, simply put, there was nothing protecting against them. Slowly the anti-virus industry evolved into what it is today.

There are basically two general types of anti-virus software platform.

  • Passive – These include the jungle of freeware that does little or nothing to stop the virus in the first place and instead warns you after the fact that the system is already infected.
  • Active – This is the only type that you should consider. Usually, these are subscription-based services that actually sit between your computer and the inbound virus.

Decades ago, we started noticing that waiting until after your computer was infected was about as useful as not having anything. The funniest part was that people were actually paying for and installing these do-not-much-of-anything anti-virus applications. By this time the industry as a whole was evolving and also noticing the same thing. One of the best things they did was to have an annual report that listed how various anti-virus platforms performed against each other in a competition of who caught the most, protected the best and maintained the safest stance.

We started noticing one platform that consistently kept coming up at the top every year. That platform was Kaspersky. We tested it extensively and started deploying it on all new installations and existing clients. This was almost two decades ago, and we have not had any issues or incidents since then. What used to take hours of penetration testing and hardening configurations has now evolved into install it and forget it, well, as long as you keep your subscription.

There are always some who say “Why should I pay a subscription if there are plenty of free platforms?”. That mindset changes quickly when they see for themselves that they have practically no protection, and what it costs to restore everything that was undone by a virus. Unfortunately, some never learn or listen until after they have lost everything, much like the people who never back up.

Later, some of the competition (mostly the ones that failed miserably in the annual tests) started making comments that you couldn’t safely use Kaspersky because the owner was Russian and that anything Russian was therefore a threat. This was so wrong on so many levels that I usually couldn’t decide where to start debunking it.

You can do some research and sooner or later you will come to the same conclusion that we did. Kaspersky is safe and effective, and you will be glad you made the decision to use it at home and/or in the office.

Sample Guidelines on Anti-Virus Process

Recommended processes to prevent virus problems:

  • Always run the corporate standard, supported anti-virus software, which is available from the corporate download site. Download and run the current version; download and install anti-virus software updates as they become available.
  • NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then “double delete” them by emptying your Trash.
  • Delete spam, chain letters and other junk email without forwarding them, in accordance with your company’s Acceptable Use Policy.
  • Never download files from unknown or suspicious sources.
  • Avoid direct disk sharing with read/write access unless there is absolutely a business requirement to do so.
  • Always scan a floppy diskette from an unknown source for viruses before using it.
  • Back-up critical data and system configurations on a regular basis and store the data in a safe place.
  • If lab testing conflicts with anti-virus software, run the anti-virus utility to ensure a clean machine, disable the software, then run the lab test. After the lab test, enable the anti-virus software. When the anti-virus software is disabled, do not run any applications that could transfer a virus, e.g., email or file sharing.
  • New viruses are discovered almost every day. Periodically check the Lab Anti-Virus Policy and this Recommended Processes list for updates.