Phishing rises, bots slow down

Data-thieving phishing Web sites are on the rise, but other pests, such as remote-controlled bots, show unpredicted signs of decrease, according to research from McAfee Avert Labs.

Jeff Green, senior VP of McAfee Avert Labs and product development, says there are more vulnerabilities to worry about than ever before. Microsoft issued 35 security bulletins, 25 of which were tagged critical and nine important, in the first six months of 2007. During the same time-frame last year, Microsoft issued 32 bulletins, of which 19 were rated critical and 10 were considered important.

The company's Avert Labs says the top threats for the rest of the year are:

The number of phishing Web sites continues to rise exponentially. McAfee Avert Labs saw a 784% increase in phishing Web sites in the first quarter of 2007, with no slowdown in sight.

Green says these Web sites typically use fake sign-in pages for popular online services such as online auctions sites, online payment processors or online banking.

Avert Labs anticipates increasing abuse of sites meant for online collaboration such as wiki pages and online applications. "Even Internet archive sites will suffer," he adds.

"The total amount of spam caught in McAfee Avert Labs' traps has stayed fairly flat during the first part of the year," says Green. Image spam accounted for up to 65% of all spam at the beginning of 2007.

"It has actually dropped recently. Image spam is junk e-mail that includes an image instead of just text. It is used typically to advertise stocks, pharmaceuticals and degrees.

The image can triple the size of a single message, which causes a significant increase in the bandwidth used by spam messages. In November 2006, image spam accounted for up to 40% of the total spam received. It was less than 10% a year earlier.

According to Green, cyber criminals are riding the wave of online video available on social networking sites such as YouTube and MySpace.

"For example, the Web site of a French rock band was used to load a Trojan horse onto the computers of fans by exploiting a feature in QuickTime."

Green said he was surprised that mobile malware numbers were down.

A dozen new examples of malicious software have been targeted at devices such as cellphones and smart phones for the first quarter of 2007.

McAfee predicted more legitimate companies would try advertising software to target consumers.

However, because adware has a bad reputation, businesses are trying other ways to deliver their message on the Internet.

He cites BitTorrent as an example, as it is establishing a trend by offering free ad-supported video downloads as an alternative to paid downloads.

Green says unauthorised transfer of data is becoming more of a risk to enterprises - including loss of customer data, employee personal information and intellectual property.

This information can leak not only via the Web, but also through portable storage devices, printers and fax machines.

More than 13.7 million records have been breached so far this year, according to Attrition.org, compared to 1.8 million records during the same period last year.

A superficial read of statistics indicates the use of bots has actually decreased lately.

Green says McAfee predicts bots to still increase, but it is a difficult prediction to prove, because of the nature of bots.

Bots are computer programs that give cyber-crooks full control over PCs. Bot programs typically get installed surreptitiously on the PCs of unknowing computer users.

He says there is no doubt parasitic malware is spreading: "Parasitic infectors are viruses that modify existing files on a disk, injecting code into the file where it resides.

Philis and Fujacks continue to be active, and Avert Labs has classified more than 150 new variants of these two families this year.

Other families, including Sibil, Grum, and Expiro, are also active, said Green.

About 200 000 computers have been infected with rootkits since the beginning of 2007, according to Avert Labs' virus tracking mechanism - a 10% increase over the first quarter of 2006.

Related stories:
Security regulations: the IT department's coming-out party
Cyber-baddies make hay as CIOs snooze