Category: Statistics

Antivirus software company Sophos said that Zafi-D, which first appeared at the end of 2004, has been the most regularly spotted malware, followed by Netsky P.

Sophos noted that February’s top 10 is dominated by old viruses, with only two new entries this month, Bagle-BK and Sober-K.

“It looks like the Zafi-D worm is going to be hanging around like a bored teenager for some time to come, unless more home users realise how important it is to update their antivirus software. This Hungarian worm accounts for almost one in three viruses reported,” said Carole Theriault, security consultant at Sophos.

Theriault predicted that the Sober-K worm will be one to watch in March. “It can pose in a number of disguises, including a bogus bogus email from the FBI or raunchy videos of celebrity heiress Paris Hilton,” she said. One in 23 emails circulating last month carried viruses, according to Sophos.

Kaspersky Labs added that the number of malware detected overall in February “in absolute terms was low enough to make this month the quietest for the past 12 months”.

But the company warned that the detection of six new Bagle variants today is likely to have an impact. “We will undoubtedly see some of them in the March top 20. We will undoubtedly see a new crop of Trojan-Proxy.Win32.Mitglierder in the next few days, since this is the Trojan that Bagle typically downloads. We should then see a burst of spammer activity and new phishing emails,” the antivirus company said.

http://www.vnunet.com/news/1161599

Viruses were found in 11.99pc of messages circulating in Ireland last month, a significant rise on the rate of 7.39pc in January.

As with January, variants of the Zafi worm were the two most frequently occurring infections last month. In February their influence was somewhat reduced; Zafi.D was found in 41.12pc of infected emails and Zafi.B occurred in 21.16pc of cases.

The IFrame styled viruses takes advantage of a vulnerability in Microsoft’s Internet Explorer that allows a malicious HTML document such as an email message to execute automatically when it is viewed through the browser. It also affects Microsoft Outlook and Outlook Express, which share similar code for previewing HTML formatted messages. This helps the virus to spread as users don’t even have to click on the attachment to launch the virus – it could be spread simply by opening the infected message in Outlook’s preview pane.

“This is the first time in memory that a specific HTML exploit has come up so prevalently, normally they only occur in ones and twos,” he said. Driscoll pointed out that the vulnerability in Internet Explorer that IFrame exploits was identified almost four years ago, which means its presence suggests that large numbers of home users still have unsecured systems.

“This is an education issue that doesn’t seem to be reaching some people,” he said.

IE Internet also released figures, which showed the incidence of spam rose slightly to 38.1pc last month, a marginal increase from the level of 36.68pc recorded in January.

As ever, the US is the largest single source of unsolicited commercial email, although South Korea is gaining ground and now accounts for 17.85pc of emails sent to Ireland.

http://www.siliconrepublic.com/news/news.nv?storyid=single4509

More than a third of that, or $17 billion, will be wasted by U.S. companies. “We haven’t seen as much of a spike in costs as in spam volume because more organizations are putting in better anti-spam technology,” Richi Jenningssays.

Since 2003, spam volume hitting U.S. companies has jumped fivefold, but costs haven’t even doubled, Jennings says. Still, revenue for anti-spam software and hosted services will reach $1.7 billion by 2008, research firm IDC predicted last week.

In the United States, spam’s annual per-mailbox cost to businesses is $170. In Germany, it jumps to $241 based on Germany’s higher labor costs, fewer workdays, and high health-care and pension costs borne by companies.

http://www.informationweek.com/showArticle.jhtml;jsessionid=54IVKF140OEXIQSNDBNCKH0CJUMEKJVN?articleID=60403649

Spyware has become a serious security and IT support issue, according to a new report from Forrester Research, and enterprises are increasingly turning to anti-spyware products to help control the scourge.

According to “Antispyware adoption in 2005,” the real level of infection may be difficult to gauge, since 39% of companies surveyed had no idea how many of their systems were affected. However, report author David Friedlander writes that the remaining respondents put the infection level as high as 17%.

Some 80% of companies surveyed have already deployed specialized tools to deal with the problem, though Friedlander notes that, for the most part, they have not done so on a systematic basis.

Not surprisingly, the report finds that McAfee is the anti-spyware software market leader with a 42% share, while Lavasoft’s Ad-Aware software is in a close second at 36%.

Nevertheless, Friedlander predicts that there may yet be room for more players, with half of the companies that have not yet invested in anti-spyware tools planning to purchase them this year, and 65% of companies planning to buy best-of-breed products.

http://www.networkingpipeline.com/news/60400837

McAfee security specialist Lee Fisher, author of the report, said the biggest risk for companies is their own apathy. “Firms believe (wrongly) that viruses and code are a benign risk, that because they have a firewall they are protected,” he said, adding that “about 70 percent” of internet threats are driven by profit, not a desire for notoriety.

Fisher said that firms face a number of separate dangers. “The fast-spreading viruses make all the headlines, but they are not the biggest threats.” The biggest dangers include key-logging tools and bot network tools that could be used for distributed denial-of-service attacks.

To help firms protect themselves against these risks, in March McAfee will start updating its virus alerts and tools on a daily basis. Fisher said that this requirement was unimaginable five years ago, but the firm is now seeing about 50 new threats or viruses each day.

McAfee’s report emphasises that the internet is global, fast and virtual, adding, “In the wrong hands, this adds up to the potential to make vast sums of money illegally.”

Fisher said McAfee worked with enforcement experts and academics for seven months to draw up what he described as “the first in-depth picture of (the) new invisible threats we face”.

Online crimes include hacking, and less obvious threats such as the use of zombies and bot-networks to host malicious code or illegal material. McAfee said that the perpetrators of online crime had matured from being “geeks in bedrooms” to organised criminal gangs.

Two years ago the company’s researchers saw about 300 potentially malicious attacks a month, now that figure has grown to 1,500.

McAfee noted that many traditionally physical crimes, such as extortion and money-laundering, are now carried out online, and the scale of the problem is “massive”.

http://www.vnunet.com/news/1161404

“Three quarters of those surveyed said that their companies were raising security as a priority because it made them more efficient,” says Robert Holleyman, BSA’s president and CEO.

The report finds that a growing number of companies are raising security to the senior-management level, with 44% of companies having done so in February 2005 compared with 39% doing so in October 2003.

“Awareness and action are replacing fear in how security executives are responding to cyberattacks,” Holleyman says. “We’ve been talking for quite some time about making privacy and security a part of our corporate culture,” says Daniel Caprio, chief privacy officer and U.S. deputy assistant secretary for technology policy at the U.S. Department of Commerce. The increased levels of awareness that we’re finding in this survey show that we’re making progress.”

The numbers, he says, are encouraging: 78% of organizations now have a formal information-security program; 90% of companies have an information-security officer; 55% of companies have a chief privacy officer.

Says Caprio, “As companies create a CISO or CPO and empower that individual, and make that person part of senior management, then budget and resources follow.”

http://www.informationweek.com/story/showArticle.jhtml?articleID=60402295