Information-stealing Trojans Going Strongest
According to a report from Secure Computing, Web attacks using malware are rising, so is malware for stealing information, and attacks from stock-based spam are likely to go on increasing.
The report first detected the backdoor threats and information-stealing threats continue to rise and be the most serious ones. Statistics indicate that attackers have used this as the dominant method to impact home users and enterprises.
Information-stealing malware covers 10% of all threats identified that climbed upwards from 8% in January 2007. The report anticipates a shift in trend from malware carrying e-mails to spoof e-mails that lead to Web-hosted malicious code.
The report mentions the OnlineGames family of password stealers and the new variant of the GpCoder ransomware. Some of the attacks are localized like the surge of trojans in fake iBill invoices that were distributed in Germany. The malware in these e-mails, the Bzub.IF Trojan, infected systems on downloading it that intercepts keystrokes and captures passwords entered in the login Web page.
Amidst all this, trojans have been going strong in the malware front. They now account for 63% of all new variants compared to 58% in January. The most popular medium for spreading new attacks continues to be the Windows executable files.
Also, the current adware classified as spyware of supervisory nature are installed on victims' systems without their consent. Consumers are increasingly getting concerned about spam mails that connect to sites hosting spyware.
Blended attacks where spam mails include links to malicious Websites point to the improved sophistication of attacks based on content, said Chenxi Wang, principal analyst, Security and Risk Management for Forrester Research. Marketwire reported this on August 15, 2007. Users can protect themselves by deploying a program that can perform a cross-channel analysis and assess the reputation of both senders of e-mails and URLs.
Today's attacks are more complex and spread faster than before, said Paul Judge, CTO at Secure Computing. Marketwire reported this on August 15, 2007.
Business organizations and consumers should ensure up-to-date programs and patches on their systems and have a multi-layered approach to detect and prevent threats, Secure Computing researchers recommended.
Related article: Inappropriate IT Decisions Leads to Security Dangers
» SPAMfighter News - 29-08-2007