Malware Money Tough to Trace

As mapping the financial underpinnings of fraud remains daunting, scammers continue to make off with the loot.

Experts agree that the most effective way to defeat the current onslaught of technology-related attacks would be to dismantle the economics that back them up.

On Sept. 13, a Moroccan court handed out short-term jail sentences to two college-age malware code writers found guilty of launching the Zotob worm virus in August 2005. The conviction of the two young men—along with the pursuit of other virus writers who take down computer networks for the sake of it—highlights law enforcement officials' ability to trace the roots of such attacks. Still, law enforcement officials, consumer advocates and security researchers concede they are making little progress in tracing the finances of those individuals who are using IT-based crimes to make a profit.

While attacks such as Zotob cripple productivity on computer networks around the world, most technology experts say that a more serious threat is current money-thieving schemes that attack corporate infrastructure and lurk on the Internet. As criminals have shifted their activity from scattershot attacks on IT infrastructure to targeted fraud leveled at specific businesses and individuals, they have become even harder to track down.

And although laws that force businesses to disclose data breaches are shedding light on those incidents, there is likely an epidemic of unreported computer crimes that involve the theft of cold, hard cash, said David Marcus, security research manager at software maker McAfee.

Deciphering the web of finance and money laundering shared by those committing the attacks is virtually impossible, he said.

"It's likely that there are many, many attacks that steal money from businesses that never even get reported, so these guys are getting away with it and no one can follow where the money is going," said Marcus, who works in McAfee's Avert Labs, in Santa Clara, Calif. "[Thieves are] using online payment companies to launder their profits and exploiting the shortcoming of international law enforcement [so that they can] run and hide their money in any number of ways."

Underground networks aside, criminals are still capable of using popular payment networks including online sites such as PayPal and E-Gold to mask their activities, the researcher said. E-Gold is becoming increasingly popular, since users can circumvent government tracking of paper currency by dealing in shares of precious metal.

Law enforcement officials agree that it's almost pointless to go after the fraudsters carrying out targeted attacks such as phishing schemes against banks and other financial institutions. Instead, they've turned their attention toward stopping the influx of adware and spyware being distributed on the Internet. At least there is some hope in tracing spyware attacks—believed to feed into widespread identity fraud efforts—and the unscrupulous Web advertising programs to which the attacks are often linked, said Justin Brookman, an assistant attorney general for the state of New York.

"We haven't even begun to look at the finances behind a lot of the pure fraud, such as phishing, because of the sheer volume of what is going on; we can have a greater effect in hunting down adware and spyware purveyors," Brookman said in New York. "We're primarily looking at adware right now because there is so much money going into it; we're dealing with large companies that make millions of dollars per year who are much easier to find."

Brookman, who led the New York state attorney general's case against Intermix Media for distribution of spyware that led to $7.5 million in penalties levied against the company, said that progress is limited by state and federal governments' lack of resources to solve the problem in the United States and by some foreign governments' lack of concern over the issue.

However, even in the adware and spyware arenas, there remain serious impediments to following and stemming the money stream, experts say. In some cases, the lax enforcement of standards used to determine the legitimacy of online advertisers by major technology companies—including search giant Yahoo and Internet phone software maker Vonage—is helping to sustain the adware and spyware sectors, researchers contend.

Those companies are guilty of feeding the finances of the malware industry by dealing with companies such as Intermix and Direct Revenue, another company pursued by New York State Attorney General Eliot Spitzer for distributing adware and spyware, said Ben Edelman, an attorney and IT security researcher, in Cambridge, Mass.

Edelman is part of a group that has filed a class action suit against Yahoo for placing ads with known spyware vendors and misleading its own advertising customers in the process. He maintains that Vonage is still working with suspected spyware and adware purveyors despite having been outed for dealing with Intermix in the New York state attorney general's previous lawsuit.

Edelman said that it may someday become easier to find out which adware and spyware distributors are doing business together but that many of the companies will be hard to pursue legally because they typically offer some legitimate services.

"If these large companies agreed to cooperate and shut down the networks of adware makers, that could be of significant help, but it's not happened," said Edelman. "In general, the money trail is still very hard to follow because the players have become significantly more sophisticated at ways of hiding what they're doing and how they're doing it."

Consumer advocates agree that the outlook for cutting off finances to stop technology-based crime remains bleak, with the only real beacon of hope being the ability to fight companies that straddle the lines of legality in the adware space.

"Just like everything else on the Internet and in the IT world, the finances that back the crimes are so distributed they are hard to figure out," said Alissa Cooper, a policy analyst at the Washington-based Center for Democracy and Technology. "It's becoming even harder to track with the proliferation of shadowy channels on which criminals' dealings can be made anonymous."
