Child's play? Children behind some malware in 2012 — security firm
AVG Technologies said that while most of the young malware authors appear to be in it for the thrill, they may not realize their work could get out of hand.
"What is the motivation for this behavior? Most probably these child script writers are not doing it for financial gain, but more likely for a thrill. Essentially, young geeks seek to outsmart their friends and win the games or show off their computer skills," AVG Technologies chief technology officer Yuval Ben-Itzhak said in AVG's fourth-quarter 2012 report.
But he stressed such a game can quickly get out of hand, noting that stealing somebody's account details such as a Steam account with attached software worth $500, or a game account with hundreds of dollars of virtual currency attached to it, "is no laughing matter."
Worse, he said that if the account details are shared via email or social media, "there is a very real risk of cyber-bullying and identity theft."
Ben-Itzhak said they have seen many cases of Trojan horse malware, written by children as young as 11, that can steal account login information for online games.
He said these "childish Trojans" have common characteristics, such as:
- Most are written using the .NET Framework (Visual Basic, C#), which is easy for beginners to learn and easy to deploy.
- The apps often target online games, social networks or email, and attract peers by pretending either to give away more virtual currency for an online game or to hack somebody's Facebook profile. The main purpose is to get sensitive data.
"Their creations may not be state-of-the-art programming, but still they require a degree of technical knowledge," he said.
Unintentionally leaving traces
But Ben-Itzhak also said the authors unintentionally leave traces in the malware's binary files, which could eventually come back to haunt them.
He cited instances of password stealers that send gathered data to the author's personal email address, which the author may also use to log in to other online services.
"This makes it easy to locate their personal data such as their real name, photos, their school, Facebook profile, using any web search engine," he said.
In one case, AVG learned from a piece of malware written by an 11-year-old boy that he was from Canada, played Team Fortress with friends, and got a new iPhone.
He said that while AV researchers would never misuse this kind of information, some people who peek into binary files will likely have malicious intentions.
"One of the ‘better’ scenarios could be a victim's revenge, whereby they change the password and block the malware author's email/Facebook profile.
A much more serious scenario would be complete identity theft and misuse," he said.
PC World quoted the AVG report as saying the Blackhole Exploit Kit was everywhere in the recent quarter, accounting for 40 percent of all online threats detected by AVG over the whole year.
"Other toolkits are chasing it hard as criminals look to make money from the software that serves the malware business, including, we now know, children too," it added.