Phishing Attacks Up 366 Percent

[Chris]

A recent security threat report issued by Symantec.com detailed a number of the threats facing computer and Internet users in their travels.

The most prevalent threats are apparently those that attempt to steal identity-related information like phishing attacks. Arthur Wong, vice president of Symantec Security Response and Managed Security Services, says, Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information."

As indicated, the report details these threats and discusses the attacks making use of the various methods:

Rise in Threats to Confidential Information
The report indicates threats to confidential information represented 54 percent of the top 50 malicious code samples received by Symantec. Trojan horses are the primary vehicles of this type of attack.

Steady Increase in Phishing Attacks
This one is the biggie. Symantec's report reveals phishing attacks are up an astounding 366%. "By the end of December 2004, Symantec Brightmail AntiSpam antifraud filters were blocking an average of 33 million phishing attempts per week, up from an average of 9 million per week in July 2004." Unfortunately, Symantec expects this trend to continue its increase.

Increase in Attacks Against Web Applications
According to Symantec, "Nearly 48 percent of all vulnerabilities documented between July 1 and Dec. 31, 2004 were Web application vulnerabilities." Because web apps are approved by firewalls (in order to access the Internet), the security characteristics are avoided. Web application attacks include exploiting vulnerable web browsers.

Rise in Number of Windows Virus/Worm Variants
Because of the proliferation of Windows-based computer environments, the number of viruses and malicious programs targeting Microsoft's software continue to grow at an accelerated rate. Symantec's report reveals, "From July 1 to Dec. 31, 2004, Symantec documented more than 7,360 new Windows 32 virus and worm variants. This represents an increase of 64 percent over the previous six-month period. As of Dec. 31, 2004, the total number of documented Windows 32 threats and their variants was approaching 17,500."

Increase in Severe, Easy-to-Exploit, Remotely Exploitable Vulnerabilities
With the increase in attacks based solely on executable programs and code, the ease of getting these programs to perform their malicious duties has also increased. Symantec indicates, "70 percent were considered easy to exploit, which means that either no custom code is required to exploit the vulnerability or that such code is publicly available. Compounding this problem is that nearly 80 percent of all documented vulnerabilities in this reporting period are remotely exploitable, which likely increases the number of possible attackers."

Symantec also made mention of additional security risks faced by users today. These risks focus on adware and spyware. According to Symantec, "lefeats was the most commonly reported adware program, accounting for 36 percent of top 10 reports," while Webhancer was the most frequently reported spyware program.

Read the full report here


Hackers Grab 59000 California State University Ids

A report by Reuters revealed the results of a massive hacker attack made against California State University. According to the report, the personal identity information of 59000 students may have been compromised during an attack on the school's servers.

The article reveals,

California State University, Chico in northern California is alerting students, former students, prospective students and faculty that their personal information, including Social Security numbers, may have been compromised in the attack three weeks ago, said spokesman Joe Wills.

"It looked like it was illegal access to do some, perhaps, some downloading of files," Wills said. "In investigating it we realized the hackers had some access to a great deal of personal information."

The university is continuing its investigation.


Cialis Top Spammer Disguise Word

Sophos.com issued a report detailing the most popular words spammers like to target and use to disguise their mailings. According to their research, the erectile dysfunction drug Cialis is the most common marketing term used by spammers attempting to pass their spam off as legitimate marketing emails.

Graham Cluley, senior technology consultant for Sophos, explains what is meant by disguising these keywords, "Spammers have a dilemma. They want to sell certain products or include certain phrases in their spam emails, but they also know that many people will have filters looking for those words and are automatically junking them. For this reason they use ‘obfuscation' to try and disguise the words from the anti-spam software."

To view the list of top marketing terms used in spam mailings, please read Sophos' report. Caution, many of these words are adult-related.