Internet security experts on Monday warned that the creators of some of the latest computer viruses were using computers infected by the bugs to run online scams to get credit-card information from unsuspecting buyers.
”There is an operation of fake online shops running on infected home computers, which are being controlled by hackers or criminals,” said Mikko Hyppoenen, head of anti-virus research at Finland’s F-Secure.
”Currently there is an investigation going on, and we are trying to find out which viruses they are using. It could be any of the latest viruses, such as Bagle and Mydoom,” he added.
Many of the recent bugs open a so-called back door on infected computers, giving their creators access to the contaminated machines without the owners’ knowledge.
It was first believed that these back doors were mainly used to distribute spam, or unsolicited bulk e-mail advertisements, but in principle they could be used for all kinds of malicious purposes, including fraud, experts said.
”To run fake online stores on infected computers is one of the things a back door can be used for,” said Snorre Fagerland, virus analyst with internet security firm Norman in Oslo.
To avoid being traced, the websites move from computer to computer, leaving buyers with no other real information but the internet protocol address of the infected machine that registered their credit-card information.
The owner of the infected computer has no idea of what is going on.
”There are hundreds of infected computers being used, and the websites are changing locations every 10 minutes or so,” Hyppoenen noted.
”Behind every address there is an infected home computer, making it impossible to trace the people behind the website,” Hyppoenen said.
Many of the fake websites appear to be legitimate online vendors, and an unsuspecting buyer would have little chance of realising that he is dealing with an online scam and not the real thing, Fagerland said.
The groups behind the hoax websites could use the credit-card information they gather either to charge the cards directly or use them for other criminal purposes, police said. — Sapa-AFP