For the average user spam has always been an annoyance. For the average spammer it has always been about making money. For the criminal gangs that have muscled in on this lucrative industry during the last few years it is now about territory and control. Control, that is, of the botnets behind the malware distribution networks that they rent out to the spamming middle men to enable them to ply their trade in relative safety from the crippled arm of the law.
Leading AV researchers at Kaspersky have now identified three criminal gangs which are participating in an increasingly desperate battle of the botnets. This turf war is, as all turf wars have a habit of doing, turning nasty, and it is the average computer user who is getting caught in the crossfire. No longer are the gangs happy to settle for a slice of the spam pie; they want it all. And that means control over as many compromised third-party computers as possible, to create the biggest of mega zombie botnets. To accomplish this, the gangs behind the Bagle, Warezov and Zhelatin worms are turning their attention to ridding those compromised computers of rival gang malware infections in order to install their own and gain that control.
Spammers pay a lot of money to rent time on these mega botnets, and the bigger the botnet, the bigger its capacity to distribute spam, the more valuable a commodity it becomes.
Kaspersky Lab senior virus analyst Alexander Gostev, writing in the latest Viruslist.com Malware Evolution report, states that “war had been declared in cyberspace between the groups producing Warezov and Zhelatin. Taking into account the size of the botnets used by both groups, and their clear aim to conduct a large number of attacks, the situation was clear: this was threatening to become one of the most serious problems on the Internet in recent years.” Gostev identifies three groups from different countries who were all busy with the same thing: creating spam harvesting and distribution botnets. “This brought the three groups into conflict with each other, and they are willing to use everything at their disposal to gain an advantage,” Gostev concludes.
The end result has been a huge increase in attacks on users, with an emphasis on developing new techniques to infect end users and evade detection by AV filters. If you need any evidence of this, 32% of all malicious code in email traffic during March 2007 was made up of Trojan-Spy.HTML.Bankfraud.ra according to Kaspersky, clearly indicating that Bagle, Warezov and Zhelatin have created an epidemic.
Although there has been some success in dealing with high profile botnet related security incidents, including the 57 month prison term for Jeanson James Ancheta for infecting 400,000 computers for botnet use, this really is tip of the iceberg time. The really organised criminals will be using exactly the same techniques to evade capture and to protect the business of criminality as is seen in the drugs war. You can be sure that while sacrificial lambs get jail time, the gang bosses and the real botnet builders will continue to prosper. Until, that is, law enforcement, the judiciary and governments around the world start to take the spam problem as seriously as they do the drugs one. To be frank, I don’t see any evidence of that happening any time soon.