Virus writers go it slow to prevent detection

NEW YORK — In the past, virus writers seeking fame and attention wrote their malicious programs to spread as quickly and broadly as possible, boasting to colleagues when they manage to cripple hundreds of thousands of computers worldwide in a matter of hours.

But now, many writers are driven by money instead. They write code to turn the computers of unsuspecting individuals into “botnets” — networks for spreading junk e-mail or stealing financial data from others.

Security experts find that some are even taking measures to make sure their programs don’t spread too quickly or too broadly, lest they get detected and blocked.

“If they are able to stay active longer, they make more money,” said Alfred Huger, senior director of engineering with the security response team at Symantec Corp., a software vendor that issued its twice-annual state-of-security report Monday.

Not too long ago, he said, a single person took control of as many as 400,000 computers at once with the help of malicious programs. Today, the average is less than 1,000, making such networks more difficult to track and shut down.

Huger said spammers have been compiling e-mail lists specific to geographic areas, by targeting a single Internet service provider that serves a particular region or by combing mailing lists devoted to a city’s happenings. Messages sent to those lists can be used for scams or the spread of malicious programs, such as those for stealing data.

Virus writers have also judiciously used Web sites with software vulnerabilities allowing for the spread of malicious code, Huger said. They will remove the malicious programs once enough users are infected and restore the malware later, he said.

“They are very careful about the spread,” he said.