Authored by Jon Mercer in Criminal Law
Published on 12-14-2008

Malware seems to be spreading faster than ever these days despite the efforts of the computer security industry and private corporations such as Microsoft to protect its Windows operating system. Malicious software (or “malware”) takes over a PC and then uses the computer to spread even more malware to other machines. It’s a vicious cycle that has proved difficult to stamp out. In fact, many computer experts now admit they are losing the battle.

It is estimated that cyber-thieves rob computer users of an estimated $100 billion each year through credit card scams, identity theft, and a myriad of other online cons. One Russian company calling itself “The Organization for Security and Cooperation in Europe,” estimates that it pays its illicit distributors as much as $5 million a year. The company sells fake antivirus software that actually takes over a computer.

The company and others like it are flourishing with resources from stolen credit cards and “lifted” personal information from computer users around the world. It appears that cyber-attackers are winning the technology arms race, despite the best efforts of security experts. Patrick Lincoln of the computer and science laboratory at SRI International, a science and technology group, says “Right now the bad guys are improving more quickly than the good guys.” Obviously, that’s pretty bad news for the good guys, and in fact, for all computer users.

By working in countries where the authorities have little concern for prosecuting offenders, the well-financed cyber- thieves have a substantial advantage. Recently, the RSA Fraud Action Research Lab, a security consulting group, discovered a half a million credit card numbers and bank account log-ins that had been stolen by a network of zombie computers that were being remotely operated by an online theft ring.

Researchers at Georgia Tech Information Security Center recently reported that the percentage of online computers worldwide that were infected with botnets, a network of programs connected through the internet that send spam or malware, is likely to increase to 15 percent by the end of this year. The study suggests that there may be as many as 10 million infected computers being used to distribute spam and malware over the internet each day.

The botnet programs are relatively invisible and can move from computer to computer making it nearly impossible for security researchers to detect, let alone, do anything about. In a recent test of 36 leading security antivirus products, fewer than half of them were able to identify the latest malicious software programs.

The sophistication of the programs has developed remarkably over the past two years. Recently, anti-malware researchers at Microsoft disassembled an infecting program that was able to defend itself against other attackers by turning on the Windows Update feature after it took over the user’s computer; a scary new twist that shows just how far ahead the “bad guys” seem to be at the moment.