Threats from malware — viruses, worms, Trojans, spyware and such — climbed 48 percent in 2005, compared to the previous year, according to the annual Sophos Security Threat Management Report.
The report, expected to be released today and a copy of which was obtained by TechNewsWorld, noted that there were 15,907 new malware threats this year compared to 10,724 in 2004.
“The amount of malware continuing to be written remains really, really high,” Senior Security Analyst Gregg Mastoras told TechNewsWorld from Sophos’ offices in Lynnfield, Mass.
Pills and Miracle Elixirs
Report writers also found that:
- One in every 44 e-mails carries a virus;
- New Trojans are being minted faster than Windows worms at a rate of almost two-to-one;
- Pill and miracle elixirs top the spam charts, but porn and stock scams are surging; and
- Cybercriminals are bonding together and combining their technologies to attack their victims.
Criminals Coordinating Attacks
“The financially motivated collusion of virus writers, spammers and hackers for criminal gain has developed into an art form in the last year,” the report said. “In a continuously evolving threat environment, criminals have joined forces to produce campaigns that coordinate virus, spam, phishing, and spyware attacks, blurring the distinction between them.”
Craig Schmugar, virus research manager at McAfee Security in Santa Clara, Calif., agreed that there’s been a change in motivation behind malware activity.
“Programs are designed to go undetected a little longer, designed to create bot networks for use by spammers to circumvent spam filters and blacklists,” he told TechNewsWorld.
“The random vandalism of earlier generations,” the report continued, “has been replaced by more purposeful criminal activity in which multiple variants of the same threat are relentlessly created and rapidly distributed with the aim of slipping past traditional signature-based virus protection and existing spam rules.”
Making Money Minting Mischief
Sam Curry, a vice president at Computer Associate’s Etrust Security Management in Islandia, N.Y., asserted that a criminal element has definitely established a foothold in the malware necosystem.
“They make money doing this,” he told TechNewsWorld. “The don’t do it for giggles anymore. They do it because, in some cases, they’re making in excess of US$100 million.”
There’s more organization and specialization involved in these activities now, according to Robert Richardson, editorial director for the Computer Security Institute (CSI) in Philadelphia.
“There are people who steal credit card numbers,” he told TechNewsWorld. “There are people who are credit card middle men. Then there are people subcontracted to sell blocks of numbers.”
Threats More Focused
The report went on to say, “Malware attacks have typically become more focused, aiming at a small number of victims compared to the mass-mailing worms of the past, in an attempt to avoid drawing unnecessary attention to themselves.
“Similarly,” it added, “the number of computers targeted by each spam attack was reduced so that the threat would sneak under the radar of anti-spam techniques that measure e-mail volume.”
Spam has become more than just an annoyance for the online community, according to security experts.
According to Mastoras, of Sophos, 66 percent of malware is delivered through e-mail, much of it in spam.
Curry, of eTrust, noted, “Spam as a vector for distribution as never before has emerged this year, and we expect it to continue.”
In 2005, noted John Reid, of the Spamhaus Project, a prominent spam-fighting organization, the widespread adoption of spam blocking and filtering tools have reduced that amount of junk arriving in inboxes, although that hasn’t deterred spammers from continuing to flood the Net with their garbage. He estimated that somewhere from 80 to 90 percent of all e-mail is spam.
The cost of measures to combat those enormous volumes of spam are directly born by consumers, he maintained. “Spam is never free,” he told TechNewsWorld.
Woeful policing of anti-spam laws and understaffed law enforcement units to fight spammers continue to make the practice an attractive pursuit. “If someone is going to go into crime, this is the crime to get into,” he said.
Impact on E-Commerce
As malware activity continues to climb, the question remains what kind of impact will it have on online commerce.
“I think people are starting to worry more,” observed CSI’s Richardson. “I don’t know if they’re necessarily backing off of making online purchases.”
Mastoras, of Sophos, believes the impact could be more severe.
“We’ve already seen a slight dampening of some people’s interest in going online and doing e-commerce,” he said. “I think that’s going to be a challenge for a lot of e-businesses.”