IT security has come a very long way since viruses first started appearing in the mid-1980s – just months after the IBM PC was released onto an unsuspecting business community.

That was two decades ago. Those early viruses have given way to new generations of viruses, trojan applications and other mischievous and downright criminal applications such as keyloggers.

And the bad news is that the criminal fraternity has now woken up to the fact that keyloggers and similar malicious software (malware) can be used to steal money and information from commercial companies.

These organised gangs are making use of the fact that modern viruses and malware are multifunctional: they can corrupt and/or destroy computer data, as well as propagate copies of the malware to other users.

Not all malware is designed to destroy and wreak havoc, but it can have that effect, as witnessed by the recent David Lennon 'email attack' case involving insurance firm Domestic and General Group.

Lennon, now aged 19, caused chaos three years ago for his former employers by generating five million hoax emails after being sacked from his part-time job.

The emails contained sinister quotes from supernatural film The Ring, such as "EvErYoNe WiLl SuFfEr", and looked as if Lennon's ex-colleagues sent them.

The mass email attack between 31 January and 4 February, 2004, caused the insurance company's router and mail server to crash and reportedly cost Domestic and General about £30k.

The case was interesting from a legal perspective: although Lennon was summoned to appear at Wimbledon Youth Court, charged with causing an unauthorised modification to a computer under section three of the Computer Misuse Act, the prosecution was dismissed on the basis of there being no case to answer.

Despite the dismissal, prosecutors successfully appealed in May this year, with Lennon re-appearing to plead guilty at Wimbledon Youth Court on 23 August and being sentenced to a two-month curfew and electronic tagging.

The case is an interesting one, as it was the first successful prosecution in the UK for this type of offence.

Most malware we encounter has a much darker intent than simply causing problems with a company's email server. Our experience suggests that organised criminal gangs are using malware as a vehicle for their fraud and/or extortion activities, mainly because computers are central to the operation of most modern companies.

As witnessed by a recent KPMG forensic report, professional gangs are now using malware as a method of extracting money from legitimate businesses through threats, extortion or other criminal means.

KPMG Forensic's fraud barometer report notes that, in the first six months of 2006, there were 123 cases with a value of £653m reaching the courts, compared with 88 cases worth just £250m during the same period last year.

Our research suggests that today's white-collar criminal can extract millions from a company's bank account simply by sitting at a computer in their home or office, and using the internet as a means of launching their attack.

And the internet's anonymity means that it is becoming increasingly difficult to trace the internet calls back to the perpetrator's computer.

The internet calling address (the IP number) is analogous to the telephone number used on the landline telecommunications network but the problem is that IP numbers can be both falsified and hidden, making it difficult for law enforcement agencies to trace their origin.

The international nature of the internet makes it a multinational and multi-agency task to trace even the most average of internet calls, as the call routes can be quite complex.

This is where computer forensics specialists like ourselves enter the frame, as our expertise can assist crime-fighters in their complex task.

Once an internet call has been traced, the real investigation often starts, with our staff assisting both law enforcement agencies and law firms in the subsequent investigation and prosecution.

Prosecutions under the Computer Misuse Act – and conspiracy prosecutions where several individuals are involved – are only the tip of the iceberg when it comes to computer malware attacks.

Our experience suggests that, all too often, the case can involve intellectual property issues, which are quite low down on the courts' agenda when it comes to prosecutions. Our involvement with law firms helps to ensure that a client's intellectual property issues are properly protected, without affecting the outcome of the criminal prosecution.

One interesting point worth noting is that, just as the modern malware uses multiple attack vectors, so today's criminals also use multiple methodologies.

Many criminal gangs do not use the internet directly to attack a company's computer systems, at least initially. They might, for example, bribe or coerce a member of the company's cleaning staff – who might be subcontracted through a third party – to load a game application on the office computer.

That game application might look innocuous enough but it can hide all manner of malware and criminal applications software.

And such hidden malware is not just confined to PCs, as demonstrated by Jesse D'Aguanno, the director of US Risk Analysis firm Praetorian Global, who developed a BlackBerry proof-of-concept malware application this summer.

D'Aguanno hid his attacker software code in a tic-tac-toe game that, if downloaded and played on a BlackBerry, quietly hacks the company email network linked to the popular mobile email phone.

Most users think of their BlackBerry as a simple email device that also supports mobile phone calls. These devices are, in fact, much more than this, and are quite sophisticated computer devices in their own right.

John McConnell is a forensics analyst at Zentek Forensics and Matthew Cowan is a partner at Clyde & Co.