Online malware report 2008
23/05/08
IronPort Systems has released advance findings from its second quarterly
Spam, Viruses and Malware report to be published next month. The
report highlights that, as security vendors become more adept at
spotting and stopping botnet attacks, spammers are turning to ever
more devious ways to install malware and distribute spam and
viruses. It also shows that malware installations have increased by
10% since the previous report in December of last year.
The report identifies three methods that are increasingly being used
to infect host PCs and bypass the more effective security software
that is becoming available.
The return of Webmail spam: Webmail providers long ago used a CAPTCHA
process to outwit bots that sought to automatically set up thousands
of bogus accounts to distribute spam. This CAPTCHA process, whereby a
graphic of numbers and letters needs to be read and entered, relies
on human intervention to interpret the graphic. However, more
sophisticated bots are appearing that have the ability to correctly
recognize the symbols, thus opening the door to a new wave of
webmail-based spam attacks. The report shows that these accounted
for more than 5% of all spam in Q1 2008 compared to less than 1% in
the previous quarter.
Exploiting
Google: Malware sites have to contend with comprehensive databases
that record every malicious URL as they appear and feed the
information to security vendors that then block access.
Next-generation malware now gets around this by using Google's 'I'm
feeling lucky' search option to channel traffic to infected sites.
When a user enters a search string and hits the button, Google
redirects the browser and, in doing so, can bring users to websites
that have otherwise been flagged as malicious.
The report
also estimates that 1.3% of all Google searches return malware sites
as valid results. Given the huge volume of searches carried out
every minute, this translates into a potentially huge opportunity
for malware distributors.
Out of Office: Most people switch on their Out of Office (OOO)
notification system when on holiday or away on business. However, if
this email address is spammed in the user's absence, the automatic
OOO response not only validates the address as genuine, it also
allows spammers to hijack the corporate mail server and send spam
that appears to be coming from a legitimate source. This style of
attack had not been seen before and illustrates the sophistication
spammers bring to circumventing anti-spam filters.
"Purveyors of
malware are always trying to keep one step ahead of the security
companies - it's like a game of cat and mouse," explains Jason
Steer, EMEA Product Manager, IronPort Systems. "Every time security
vendors plug one loophole, the spammers and virus writers have
already moved on to a fresh crack in the system. Our report aims to
help IT professionals, consumers and security vendors to spot these
trends and take adequate measures to prevent them. Malware remains
an enormous threat to corporate and personal security as well as
providing a hugely lucrative revenue stream for criminal
fraternities; it is incumbent upon us all to try our utmost to
eradicate it."
The IronPort
Security Report will be published in June and will be available from
www.ironport.com
Nick Gibson, editor
