Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, December 04, 2007

Amount of malware grew by 100% during 2007

In its 2007 data security summary, F-Secure reports of a steep increase in the amount of new malware detected during 2007.  This indicates that network criminals are producing new malware variants in bulk.  Social engineering remains a key method for propagating malware, and more productive malware development tools and kits are increasingly used by the criminals.  The successful social engineering methods the Storm gang used during the first half of 2007 were further developed in the second half of the year.  Also the technical setup of the Storm botnet is unique: in addition to using a novel peer-to-peer setup to avoid one vulnerable central point of control, the botnet also has a capability of using DDoS-attacks to retaliate against anti-virus researchers investigating the botnet.

Other increasing data security phenomena during 2007 included parasitic behavior, like the Zlob DNSChanger, and increasing security exploit activity for Apple products, including both Mac’s, iTunes and the iPhone.

The increased popularity of social networking services carries similar risks.

On the mobile security front Symbian S60 as the most popular smartphone platform has done a good job of curbing malware with its 3rd edition software.

Posted on 12/04