Online criminals using worm to hook accounts

Virus seen as gang tool to send spam, steal funds

April 25, 2004 | By Scott Shane, SUN STAFF

Once the province of young mischief-makers, computer worms and viruses are fast becoming a tool used by criminal gangs to harvest money from the Internet by spreading spam, stealing credit cards, blackmailing businesses and even creating phony online stores.

Criminals are believed to be responsible for most of the mass-mailing "worms" that have infested millions of PCs throughout the world over the past 18 months.

Many are disguised as innocent e-mails, often appearing to come from a colleague, friend or computer system administrator.

"If society has embraced technology - which is a great thing - so have criminals," says Harold Hendershot, chief of the computer intrusion section in the FBI's cybercrimes division. "Because that's where the money is."

When an unwary computer user is lured into clicking on an e-mail attachment containing one of these worms, he may unwittingly set off a cascade of invisible actions designed to put his PC at the service of computer criminals on the other side of the world.

Technical experts have begun to use the term "blended threat" for this kind of computer code, a virtual Swiss Army knife of malicious functions.

A worm infecting a computer can harvest hundreds of e-mail addresses that spammers, paid by unscrupulous advertisers, can bombard with junk mail. Or, it may hide a spy program to swipe credit card numbers and passwords as they're typed in.

By installing an electronic backdoor to seize control of the PC, the worm can enlist the computer in an invisible army of "zombies." Some of these armies send more spam, while others are weapons that criminals use to extort money from online companies by threatening a mass "denial of service" attack that can knock them off the Net.

Online store scam

In the latest development, worm-infected PCs are being used to host fake online stores that can hop from one hijacked machine to another as frequently as every five minutes. One such scam, identified by the Finnish anti-virus company F-Secure, attracts customers with spam advertising a Web site that offers software at tempting discounts. The customers wind up with nothing but a bill.

"You have a totally untrackable online sales Web site," says Mikko Hyppoenen, head of research at F-Secure. "They get your money, and they get your credit card number."

Eric Pakulla, a real estate agent from Ellicott City, doesn't know who seized control of his 2-year-old Dell computer, or what exactly the hijacker was using it for when it slowed down and began acting strangely last month.

All he knows is that when a technician came to check it, a diagnostic program showed the criminals in action as they manipulated his PC through his high-speed Comcast cable connection.

"They were literally hacking into my computer as I was watching," Pakulla says. Horrified, he erased the hard disk and started from scratch with new anti-virus software.

Working since late last year, investigators from the FBI and Scotland Yard have been hunting for the authors of such recent worms as Bugbear, Sobig, Mimail, Mydoom and Bagle. But they're also looking for the co-conspirators who are using them for profit, according to security experts who have helped collect evidence.

Some, but not all, of the key offenders appear to be Russians, some operating from their home country, others from Germany and other nations, the security experts say.

Crime network

What makes their operation unprecedented is that they have apparently created loose-knit organizations from previously separate groups of criminals: virus-writers, spammers and credit-card thieves.

"These gangs combine for the first time all three of these professions," says Steve Linford, director of the anti-spam organization Spamhaus, which has provided information to both the FBI and Scotland Yard. "They're actively investigating the information we've been working on for years."

Based in England but relying on a global network of volunteers, Spamhaus has compiled the world's biggest database of people responsible for sending spam. The organization has taken part of its database off-line at the request of investigators who don't want to tip off possible suspects, Linford says.

The FBI's Hendershot, who says he and colleagues are tracking as many as 250 new worms and other bugs a month, declines to discuss the investigations. But any Web surfer can visit the online vice districts and criminal hangouts to get a sense of the gangs' milieu.

On a Russian Web site called Carder Planet, a slick Flash introduction asks: "Feel tired of everyday routine? Want to change your lifestyle? Become one of us! ... . Credit Cards ... will make you rich!"

In a mix of Russian and broken English, someone calling himself "Script" (the term for a series of computer commands) offers credit card numbers for sale: MasterCard for $40, Visa Gold for $80.

"I am accept [sic] Western union, Wire transfer, e-gold, webmoney," Script writes, referring to electronic payment methods and adding, presumably tongue in cheek, "cash in bag."

Baltimore Sun Articles