Trojans, vulnerabilities, spam and crime loom large.
Symantec
and
Kaspersky
have both released overviews of security dangers faced in the first half of 2006 this week, and both present a fairly gloomy picture.
The
Kaspersky
study showed a steady rise in new trojans, and new variants of existing ones, particularly backdoors, downloaders and data-stealing spyware, while self-replicating malware declined slightly. Also big between January and July, the nasties known as ‘ransomware’ or ‘extortionware’, encrypting data and demanding fees for the password, and also cyber-blackmail. 40% of web probes and attacks came from the US, while spam rose from a low of 44% in early January to a high of 86% in late February, and became steadily more criminalised – a trend which is expected to continue.
Also facing us in the future, the Russian firm predicts more spyware, and continued use of browser holes to initiate silent drive-by downloads onto the computers of unsuspecting users. Mobile phone hacking and malware are also expected to rise, as phones get more sophisticated and more widely used.
Browser holes were also highlighted in
Symantec
‘s report, with stats including 69% of vulnerabilites affecting web apps, 47% of all browser-based attacks targeting
Microsoft Internet Explorer
, which had a mere 38 vulnerabilities compared to
Mozilla Firefox
‘s 47, but left them unpatched for an average nine days compared to
Firefox
‘s one day.
Microsoft
‘s record on patch speed was good though, the fastest among OS vendors, along with
RedHat
, at 13 days to develop fixes, leaving
Apple
(37 days),
HP
(53 days) and
Sun
(89 days) in their dust.
Also logged by
Symantec
, an average 6,110 DoS attacks per day, mostly targeting ISPs in the US, with 20% of the zombies sitting in China and 42% of the herders based in the US. Phishing was up by 81%, with spam making up 54% of all email sent, 58% originating from the US. Phishing mainly focused on financial services, while spam’s favourite subjects were health-related. Almost 7,000 new viruses and worms were identified, but five of the top ten new malware families were trojans.
Coming up in the future, more polymorphism in viruses, attacks on new web technologies such as AJAX, potential
Windows Vista
vulnerabilities, and indeed more vulnerabilities in general.
The
Kaspersky
report can be read in full
here
.
Symantec
‘s study can be found
here
, with a summary press release
here
.
Posted on 26 September 2006 by
Virus Bulletin
Leave a Reply