Virus Writers Adopting Stealth Strategy

Symantec says there has been a big decrease in network-damaging viruses and an increase in less destructive Trojans.

Antone Gonsalves, Contributor

July 22, 2005


Virus writers who once favored releasing malware that would clog corporate networks by the thousands have shifted to a strategy of secrecy in which they commandeer PCs on the Internet in the pursuit of dollars instead of notoriety, a security expert said Friday.

Security firm Symantec Corp. has seen a dramatic decrease in network-damaging viruses over the last year and an increase in less destructive Trojans that quietly embed themselves into a PC.

Such viruses typically scour computers for people's personal data, such as social security numbers and passwords, and then send the information to a clandestine server, Dave Cole, director of product management for the Symantec Security Response Center, said. The data is usually sold on the black market to criminals looking to use the information to obtain credit cards or raid bank accounts.

The quiet Trojans are also used to host websites on the infected machines, send spam or take part in denial-of-service attacks.

Last year, Symantec reported 33 category three and four viruses, which are the type that cause massive amounts of damage. Examples of such notorious viruses include Sasser and Blaster. The worst virus in Symantec's rating system is a category five, which has never been used.

"That's for the apocalypse," Cole said, jokingly.

This year, however, Symantec has only reported three such viruses while seeing a significant increase in category 2 viruses, which are the more stealthy Trojans.

"This year, we've had more category 2 events in the first half of 2005 than in all of 2004," Cole said. "There's a change of strategy. It's really about being stealthy and silent, and stealing data, spamming, hosting malicious websites and phishing."

The latest example of a new quiet Trojan is Abwiz.C, which Symantec on Friday reported discovering in the wild. The virus can infect a computer by the user either clicking on an email attachment or visiting a malicious website, Cole said. Once installed, the Trojan tries to steal personal information and send it to a waiting server.

The Trojan is capable of medium damage to a PC, has a low rate of distribution and rates only a category one.

Earlier this week, security experts reported the existence of a worm that disguised itself as a file coming from iTunes, the popular online music service from Apple Computer Inc. The Opanki worm is distributed through an instant message that reads, "This picture never gets old." Clicking on a link in the message installs the virus, which was discovered on America Online Inc.'s IM service.

Opanki is part of a trend among virus writers who are paid to distribute adware. Adware can display pop-up ads and other forms of advertising to a computer user, as well as track Internet activity.

In the past, adware was distributed primarily by luring PC users to a website, which downloaded the software. Virus writers, however, are now getting more creative in distributing the malicious software in order to make more money, experts say.
