Trojans declare war on PC users
Free advice, a growing community of hackers and highly effective malicious viruses are leading to an impending security crisis, warns Robin Bloor.
A security crisis is emerging in the world of computing. This year will prove to have been the worst yet for hacking, and next year will probably be even worse.
Breaches of computer security and the amount of money lost have been escalating since the internet was born.
If you characterise computer security as a battle between the forces of good and evil, at the moment you have to conclude that the bad guys are winning, because they are the ones winning the technology battle.
It all has to do with Trojans. A Trojan is a program that is put onto a computer by hackers to allow them to do nefarious things, like record all your keyboard activity so they can learn your passwords, or take a shot of your screen.
When hackers break into your computer, they copy their toolbox - a collection of Trojans - onto it. They usually try to make their activity invisible so that, even if you know a little about how your computer works, you will see neither their programs nor any traces of what they have done.
So where do the hackers get their Trojans from? They may write them themselves, but actually, Trojans are freely available for download over the internet.
Surprisingly, some are very well written, have a well-designed user interface, and look just like standard Windows applications, until you look at what they are able to do.
Anyone can become a hacker. There are websites that provide free advice on how to do it. The hacking community is growing fast and includes people from all over the planet.
All of this should be of concern, but the latest hacker trick is far more worrying: distributing a computer virus that opens a way in to the computers it infects.
Such viruses emerged a couple of years ago, and since then they have become more sophisticated. As an illustration, here is a brief look at the Bugbear virus, perhaps the most dangerous yet to appear.
First, Bugbear is highly infectious. It uses just about every infection trick any virus has ever used, including email, attaching to programs and worming its way over a network.
Its use of email is a wonder to behold. It looks for address books and sends emails to every name. In addition, it makes them look as if they came from somewhere else.
Thus, if Bugbear infects John Doe's computer, it sends out emails as though they came from Jim Smith (or some other name in the address book). In this way it hides the identity of the machine that it has infected.
It also composes the emails randomly, picking the subject line from a list of titles that might tempt the receiver to open the email (for example, 'Please Help ...', 'Scam alert!' or 'Bad news').
Bugbear has a definite dislike of security software. It holds a list of 106 security programs which it will shut down if it can. These are either antivirus or firewall programs and include virtually all the major security applications used on Windows PCs. And it tries to hide the fact that it has done this.
It randomly chooses file names for the files it adds to a computer, sometimes spoofing genuine files. In fact, Bugbear does everything it can to hide the fact that it has infected a computer.
On top of this, it installs a back door into the computers that it infects, so that hackers can get in. It also installs a key logger program - a Trojan that records all keyboard usage, including passwords to your systems at work, to your internet bank account or to Amazon or any other e-retail service that you use.
And it doesn't open up the computer only to the hacker that invented Bugbear, but to any hacker who is aware of how the back door works. That means pretty much all of them.
So the commercial nightmare is this: internet businesses, and particularly internet banks, may suddenly discover that their customers are unable to use their services safely.
It is impossible to know for sure how many computers are infected by Trojans or have had back doors installed by recent viruses.
Some estimates have been done by monitoring internet traffic, and the number of PCs runs into millions. It could be as many as five per cent of all computers connected to the internet.
Digital crime is rising and the casual PC user is outgunned and hopelessly vulnerable. Most home PCs don't even have antivirus software installed and, even if they do, most of it protects only against yesterday's viruses.