
Soaring malware levels hint at criminal activity

Nearly 8,000 different pieces of malicious code have been detected by Sophos this year--mainly emanating from criminal gangs.

Security company Sophos has seen a dramatic rise in the number of viruses, worms and Trojan horses this year as more organized criminals turn to cybercrime.

The company reported last week that it had detected 7,944 new pieces of such malware in the first six months of this year--almost 60 percent more than the same time last year.

The biggest growth was in Trojan horses, programs that can damage a user's files, steal information, or even create a backdoor that can be used to compromise a PC.

Trojan horses cannot self-propagate in the same way as viruses, so they have typically been less prevalent. According to Sophos, their increased popularity shows the extent to which the creation of malware, or malicious code, is increasingly becoming the preserve of professional criminals.

"There's been a shift towards Trojans to make money," said Graham Cluley, senior technology consultant at Sophos.

The IT security landscape has changed over recent months, with credit card fraud gangs, virus writing gangs, spammers and malicious hackers becoming more closely entwined, Cluley said. He cited three gangs who he said epitomized the threat: Superzonda, HangUp and ShadowCrew.

The U.S. Secret Service broke up the ShadowCrew in 2004, but Cluley warned that "they are now fractured" so it could be hard to keep track of individual offenders.

One factor in the malware increase may be the antispam legislation that has been passed in many countries. Although these laws have been condemned as toothless in some quarters, Cluley said the legislation has helped to educate users to avoid unsolicited mail. As such, spammers have been forced to widen their activities.

2005 has seen several high-profile instances of businesses being hit by cybercrime. In March, it emerged that police had foiled an attempt to steal 220 million pounds ($387 million) from Sumitomo Mitsui Bank using keystroke loggers.

The top 10 viruses detected by Sophos so far this year all took advantage of flaws in Microsoft products, as virus writers target what Sophos calls "the great unwashed public."

But attacks directed at specific organisations could also take advantage of problems in other software, Cluley said.

"We're also seeing vulnerabilities in Linux, Unix and Mac software too. No one's perfect," he said.

Alice Lander and Graeme Wearden of ZDNet UK reported from London.