The purpose of malware has changed since its inception. It was originally created for bragging rights among what were more or less hobbyists. Crashing computers with pranks was done for fun and glory. Then came the Internet with eCommerce and today it's quite different.
Today malware is created with a new goal in mind – cold hard cash. Malware authoring is now a lucrative criminal enterprise. No longer is it created by some guy in a basement at 3 in the morning; it's more like a 9 to 5 professional operation.
Changing landscape
Yesterday's malware splashed crank messages across the user's desktop. Today's malware targets vulnerable computers and secretly infects them, converting them into "Zombies" in well-organized BotNets.
These Bot networks of zombie machines are used to push ever-increasing amounts of spam. They are used to attack Web servers in extortion protection rackets. They can also just sit and monitor all of the financial data, usernames, and passwords that come their way – and send that information to the highest bidder.
So what can be done about it? The obvious answer is to educate everyone and make them mindful of the risks. But this idea stops short unless we can educate all the members of the online community including those joining it for the first time. A second alternative might be a more secure Operating System. Again, this would help but how can an OS protect a user from willingly giving away his credit card details? Antivirus, antispyware software and firewalls are a must of course and will help a great deal but even they can't protect the online community against all the evils of the Internet.
So, what's the answer? How about this – catching the bad guys?
Sounds easy, doesn't it? Unfortunately that's not the case at all. Just imagine this. A trojan is being developed in Europe. That trojan is being distributed on a website in the US using a vulnerability in Internet Explorer. The same trojan, once installed on a PC somewhere in the world, will connect to a web server in Brazil to download additional components to install, among other things, a keylogger.
That keylogger will send online bank login credentials found on the system to a mailbox in India. The information gathered from the infected PCs is later sold to a person in Spain. Sounds complicated? It is, and just imagine the trouble a law enforcement agency has to go through to make an arrest. And if they do, by which country's laws should they prosecute? The above example is a real case and there are hundreds of these cases every week.
Need of law enforcement
So how can the law enforcement agencies around the world become better at what they're doing, and what can we change to make their lives easier? Two words: training and advice.
The industry needs to further develop the ties it has to law enforcement. The police are the users that need the skills to recognize computer crime and learn how to obtain important information to build a case. Only then will they be able to find and break the weak link in the chain.
We should also create forums and non-profit organizations where private and public sectors can come together and share information with each other. The United States' FBI has a forum like this based in Philadelphia, and apparently it works great, but we need to do this outside of the US as well. We need to put a stop to the bad guys now, before it gets further out of hand.
About the author
Patrik Runald is a senior security specialist at the F-Secure Security Labs. He has been in the IT security industry since 1995 and joined F-Secure in 1999. Patrik invites any law enforcement agency to contact him for a visit to F-Secure's Security Lab in Kuala Lumpur, Malaysia for training and advice on how to better spot criminal activities based on malware.