Cyber-crime's latest menace
The vocabulary of cyber-crime has always been colourful. From the discourse that brought us 'evil twin' attacks, the Love Bug and the notorious Silver Lords gang comes a new threat: fast flux, or what in some circles is called 'dynamic website repositioning'. Fast flux is a technology that enables criminals to constantly shift the locations of the websites from which they launch their operations - in some cases, after a site has existed for only a matter of seconds.

In the time it takes a user to click through around 5 pages on a website, they may unknowingly have been bounced between servers in Eastern Europe, China, Brazil and the US, leaving law enforcement with almost no way to trace the origin of the malicious software, experts said. "It's like chasing shadows," said Nick McGrath, a director of security at Microsoft, adding that the number of fraudsters using fast flux had increased dramatically in recent months following the technology's emergence nearly a year ago.
According to Trend Micro, the security firm, fast flux was the basis of a series of attacks on the social networking site MySpace in July, where users would get a 'friend request' that, when they clicked on it, directed them to another site which tried to infect their machine. "It's a bit like constantly unhooking one site and hooking up another - a kind of website round robin," said David Perry, a security consultant at Trend Micro. "The problem is that a lot of security products use 'static lists' of websites known to be responsible for malware when they do their blocking. Constantly changing the URL is a way of getting round that."

Fast flux can be used as a technique in any type of cybercrime attack, from spam to viruses, phishing, 'keyword logging' (where a user's password is captured) and attacks on corporate networks. Experts said that although it was possible to trace the existence of such sites after they had disappeared - "There's always a fingerprint", Mr McGrath said - it was much more difficult than if operations were concentrated on one server.
Police said that the ability to track such activity also depended to a much greater degree on co-operation from foreign Governments, which was not always forthcoming. Garreth Griffith, head of risk at PayPal, the online payment service, said: "A couple of years ago fraudsters were picking the low-lying fruit - now as we get better at chasing them, their methods are getting more sophisticated." Fast flux is expected to be high on the agenda at a meeting of cybercrime experts in Romania next week.
