Businesses are at risk from a new generation of targeted
stealth viruses as organised criminal groups exploit weaknesses in
corporate systems to steal sensitive data for profit, security
experts have warned.
The viruses spread in small numbers to avoid detection,
distribute through malicious websites rather than the internet, and
are carefully tested to ensure they do not damage their victims'
computer systems.
The code carries payloads that allow the criminal groups behind
them to download confidential data or extort money by threatening
denial of service attacks.
"The motives of hackers are changing. They work for money. The
quality of the code is better. In the past, infected systems
crashed; now they want hardware to work. There are no global
epidemics as there were in the past," said Eugene Kaspersky, head
of research at Russian anti-virus company Kaspersky Labs.
He forecast that 90% of viruses in 2006 would be
crime-related.
Last year the UK's National Infrastructure Security
Co-ordination Centre warned that criminal groups from China were
sending targeted e-mails to government departments in an attempt to
steal information.
"We can expect attacks to become more deliberate, better planned
and sustained," said Graham Titterington, senior security analyst
at Ovum.
Businesses will need to respond to the threat, but many
companies are in a Catch-22 position as security staff struggle for
funds to fight malicious code that has no direct impact on the
effectiveness of computer networks.
"Systems administrators are happy because their systems work,
but security supervisors are unhappy because they see the virus
traffic going out but have no budget to deal with it," said
Kaspersky.