Spyware, adware, viruses, worms, Trojans, bots, phishing, hacking and vulnerabilities. Yes, these are the issues that every user has to put up with on a daily basis. What is worse, however, is that it does not look as if any of these problems are going to disappear in the near future.
According to research carried out by security company McAfee Inc., bots and mass mailers were the predominant method by which virus writers were distributing their viruses among users and companies during 2004. The report also went on to say that virus exploits and adware accounted for over 60 percent of malicious attacks during that period. What is more is that the company foresees a general increase in these attacks during 2005.
?Many users are still not educated enough in the realm of security. They understand what a virus is and that it can be detrimental to their machine, but a lot of users do not understand that merely ignoring executable attachments is not enough,? says Karla de Jong, senior systems engineer at McAfee SA. ?Users need to be informed that merely going to a Web site without any active protection is all that is needed to attract some sort of malware.?
McAfee?s Antivirus and Vulnerability Emergency Response Team (Avert) predicts that unwanted content transmitted via the Internet will be on the rise during 2005. ?Programs written to distribute malicious code over the Internet such as bots are becoming more and more complex,? says De Jong.
?In 2004, the rise in viruses, worms, phishing, adware and vulnerability exploitation surpassed what was noted in 2003,? says De Jong. ?Although we saw a steady 5 percent decrease in the rate of virus production from 2000 to 2003, we saw an increase in 2004, which can be partly attributed to Bagle and NetSky authors feuding, as well as a general lack of awareness with regards to adware and other such programs.?
McAfee Avert assessed 46 threats as medium risk during 2004 as opposed to 20 threats during 2003. Also, threats using vulnerable systems during 2004 reached 380, almost double the amount of 2003. ?We believe that this number is going to grow, as virus writers and hackers take more interest in finding better ways to exploit vulnerable or unpatched systems,? De Jong states.
?Spyware and adware are by far becoming the biggest concern today,? she says. Today?s adware is more often categorized as surveillance-driven spyware, programs that are dropped onto a user?s system and installed without their knowledge. In addition, spam that is encoded with exploit capabilities to install spyware has become an increasing issue among consumers. On average, at least 13 adware components can be found on every machine according to Avert.
Consumers are more affected by spyware or adware threats and less by email-borne threats, because most consumers use Internet service providers that proactively scan and clean e-mail viruses before being delivered to the consumer, the company says.
The other big concern in the security industry is that of phishing and identity theft. ?Phishing became a major concern in 2004. It threatened both enterprise and consumer users worldwide, and shows no signs of slowing down,? says De Jong. Phishing is the distribution of e-mail messages that have return addresses, links and graphic art that make the e-mails appear to be from a legitimate source but actually obtain private financial information, such as passwords and Personal Information Numbers (Pins). A report by the Anti-Phishing Working Group, an industry association, stated that 176 new phishing attacks were reported in January last year. By June last year, that number had skyrocketed to a reported 1 422 unique phishing attacks, and now stands at 1 518 for the latest reported month of November. Once again, De Jong says that users need to be more educated in phishing techniques, as she says she does not see them coming to an end in the near future.
?In 2005 we also see an increase in mobile viruses. With more mobile phones and PDAs coming out with Bluetooth and other wireless communication interfaces, the spreading of viruses among these devices could be as easy as walking into a hotspot and infecting everyone connected to the hotspot,? she concludes.