News

Firms warned of stealth virus risk

Bill Goodwin

Businesses are at risk from a new generation of targeted stealth viruses as organised criminal groups exploit weaknesses in corporate systems to steal sensitive data for profit, security experts have warned.

The viruses spread in small numbers to avoid detection, distribute through malicious websites rather than the internet, and are carefully tested to ensure they do not damage their victims' computer systems.

The code carries payloads that allow the criminal groups behind them to download confidential data or extort money by threatening denial of service attacks.

"The motives of hackers are changing. They work for money. The quality of the code is better. In the past, infected systems crashed; now they want hardware to work. There are no global epidemics as there were in the past,"  said Eugene Kaspersky, head of research at Russian anti-virus company Kaspersky Labs.

He forecast that 90% of viruses in 2006 would be crime-related.

Last year the UK's National Infrastructure Security Co-ordination Centre warned that criminal groups from China were sending targeted e-mails to government departments in an attempt to steal information.

"We can expect attacks to become more deliberate, better planned and sustained," said Graham Titterington, senior security analyst at Ovum.

Businesses will need to respond to the threat, but many companies are in a Catch-22 position as security staff struggle for funds to fight malicious code that has no direct impact on the effectiveness of computer networks.

"Systems administrators are happy because their systems work, but security supervisors are unhappy because they see the virus traffic going out but have no budget to deal with it," said Kaspersky.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy