Criminals keep PCs under surveillance

Attacks on PCs launched with military precision

Cyber-criminals are carrying out reconnaissance missions on PCs so they can specifically target their victims.

According to security company Prevx, when hackers find a computer that is vulnerable to attack, they download a small piece of malicious software called a downloader. This will initially ‘sniff’ around the victim’s PC, looking at files to analyse.

A demonstration by former hacker Jacques Erasmus, who now works for Prevx, showed graphically how this downloader, of about 1-2kb in size, can set the stage for cyber-criminals to wreak havoc.

"The criminals are taking it to the next level in terms of sophistication," he said.

The downloader can find out which operating system and security software the victim is using. And by identifying the IP address, the software can find out which country the victim lives in, the language used and their internet service provider. It will also look for other vulnerabilities in third-party applications, such as Quicktime, that the criminals can exploit.

Once the analysis is over, the information is sent back to the servers used by the criminals controlling the attack. They can then tweak malicious software such as keystroke loggers and Trojans and download the ones that will work best for them on the compromised PC.

From here on the PC belongs to the criminal and can be used to carry out a variety of attacks and, if possible, to shut down the security software. The malicious software is often what is called polymorphic – it will continually change its ‘signature’ as it tries to outwit security programs.

Personal information, such as bank details, passwords and dates of birth, is gathered by the criminals and can be used for identity theft and to drain bank accounts. The original attackers often use it themselves as well as selling it on to other criminals.

Ed Gibson, a former FBI special agent and now Microsoft's chief security advisor, said people should remember that the criminals are after people's money.

"It's about blackmail and extortion. It's as simple as that," he said.

The hijacked PC will also most likely become part of a botnet. Other criminals can buy the use of a botnet by the hour for further criminal activities such as launching denial of service attacks, sending out spam or distributing more malicious software.

Jacques Erasmus said the criminals have even developed a Trojan that will control a PC’s webcam if it is switched on. Once it is installed, the hacker can stream live pictures from the victim's PC back to whoever is controlling it.
