By Baselinemag | Posted 2005-12-13
Bot worms have emerged as one of the most dangerous security threats. Companies are finding new ways to keep them at bay.
But bots weren't the only network security problem companies had to worry about this year. In fact, the nature of Internet threats shifted even further toward the dark side, as hackers seeking notoriety were supplanted by attackers looking to perpetrate fraud and pocket a quick buck. "There's been a change in the threat landscape," Turner notes. "Threats are increasingly motivated by profit. At the same time, attackers are moving away from large, multipurpose attacks on network perimeters and toward smaller, more focused attacks on desktop applications."
According to the most recent Symantec Internet Security Threat Report, which covers the first six months of 2005, this new landscape is being dominated by a variety of emerging viruses, bots and bot networks, customizable malicious code, and targeted attacks on Web applications and browsers.
Some of the key findings:
Symantec documented almost 11,000 new virus and worm variants designed to attack 32-bit Windows operating systems, or Win32, an increase of 48% over the previous period in 2004. This big jump is the result of Win32 variants that implement bot features such as remote access through Internet Relay Chat channels and denial-of-service capabilities, Turner says.
Threats from phishing (sending fraudulent e-mails in an effort to elicit information from users that can be used in identity fraud) are on the rise. The volume of phishing messages grew from an average of 2.99 million for the first half of 2004 to 5.7 million within the same time span in 2005. One of every 125 e-mails scanned by Symantec was a phishing attempt, the company says.
During the first half of 2005, Symantec documented 1,862 vulnerabilities, nearly 60% of them in Web application technologies. The total of vulnerabilities for the six-month period represented the highest number ever recorded in the Internet Security Threat Report. Additionally, 97% of these vulnerabilities were classified as moderate or high in severity.
There was also an increase in malicious code for profit. Much of this code was deployed to relay bulk, unsolicited e-mail.
Fortunately, vendors have become more proactive in trying to safeguard enterprise clients. According to Turner, Internet service providers, for example, are doing more to block services that are targets for bot infections and filter out potentially damaging e-mail attachments. Techniques include monitoring bandwidth to detect abuse, and scanning e-mails for viruses.
Microsoft, under pressure from some of its big corporate clients like General Motors, has become quicker off the dime in responding to threats. For instance, it rushed out an off-cycle update of a malicious-software removal tool almost as soon as Zotob hit. Microsoft's Internet investigations team worked closely with law-enforcement officials in apprehending those thought to be responsible for Zotob.
Still, Microsoft isn't doing enough on the security front, says Gary McGraw, CTO of Cigital, a software quality management firm in Dulles, Va. Until the vendors, largely Microsoft, produce truly secure software, McGraw says, enterprise users will remain vulnerable. "Business guys need to wield their market power to make Microsoft do a better job," he notes. "Microsoft has made a lot of progress, but it still has a lot more to do."
But no matter what you do to combat viruses and other intruders, there's no such thing as a silver bullet, particularly given the ever-changing malware landscape. A strong defense, however, may help you sleep a little more soundly.