September 2007
Viruses: Changing threats
The fact that virus infections have held steady since last year, as our survey indicates, is actually a mark of progress for consumers and antivirus software makers because the threats have become more challenging. Roughly 1 in 500 e-mail messages is infected with a virus, according to Postini, a security firm in San Carlos, Calif., that was recently acquired by Google and processes 1 billion e-mail messages per day. And more than one-third of the list of malware that security software maker McAfee has neutralized was introduced in the last two years. "The threats aren't slowing down; they're accelerating," says Todd Gebhart, a McAfee senior vice president.

One reason for the rise is that virus-writing tools are more widely available and easier to use. "Ten years ago, these were technical professionals interested in computers," says Dmitri Alperovitch, principal research scientist at Secure Computing, based in San Jose, Calif. "Now they don't know much about computers. They just learn as they go along."

Experts we spoke with cited four threats you should watch out for:

Botnets. These are networks of hijacked home computers (known as zombies) that criminals can hide behind and use to send spam or infect other computers. Botnets are one of the most lucrative and fastest-growing threats, say antivirus software makers. Hijacking occurs by depositing malware on a user's computer. Since 2003, McAfee customers have reported more than 20 million such threats. Symantec says that up to 14 percent of computers in the U.S. are infected with bots. EarthLink, the Internet service provider, says it blocks 7,000 to 30,000 new zombies every day.

The Federal Bureau of Investigation recently identified more than a million U.S. computers that were captives of botnets, then began notifying the computers' owners. It also arrested two botnet operators, in Texas and in Kentucky, who between them allegedly controlled tens of thousands of computers.

Eighty percent of the spam now being sent on the Internet comes from zombie attacks, according to EarthLink. Botnets are also used for phishing and denial-of-service attacks that bring down computer networks by overloading them with traffic.

Rootkits. Hackers use this type of malware to hide another piece of malware on your system. Ed Skoudis, co-founder of Intel Guardians, an information-security research firm in Washington, says rootkits can "change your operating system so it lies to you, hiding files, processes, registry keys, and communications sessions." McAfee says it has noted a 10 percent increase in rootkits from early 2006 into 2007, much of which was distributed by spammers.

New delivery methods. A recently completed Google study of 4.5 million Web sites found that 10 percent of them were downloading malware. And rather than attacking the operating system, many malware writers are taking advantage of weaknesses in applications like iTunes, QuickTime, Flash, and WinZip, according to Brian Trombley, a product manager at McAfee.

Social-networking sites. Malware attackers are starting to use social-networking sites as launchpads, raising concerns that malicious code could spread quickly, antivirus software makers acknowledge. The links that connect one person's social-networking site to another's make it possible to download malware onto visitors' systems, especially since a lot of young people using social networks have multiple links to others on their sites.

Solutions. You might not spot a virus until it has infected your PC and, possibly, disabled it. So running and updating your antivirus software, operating system, and applications is your best defense.

Internet providers continue to fight malware. EarthLink has added a premium service that claims to track almost 300 behaviors typical of malware. Google recently acquired a product that protects a browser from malicious downloads.