CyberSecurity Institute

Eight-four percent of those surveyed said that the spyware problem is worse, or at best the same, as it was three months ago.

Although one would expect such results from a poll done by a vendor that sells gateway, not end-point, anti-spyware products, Gartner research director Avivah Litan seconded Blue Coat’s motion that today’s desktop defenses are not the ultimate solution for the spyware dilemma. “The lack of effectiveness comes from the fact that many [programs] are signature based,” she said, referring to the one-one-one digital fingerprints that anti-spyware, like their anti-virus cousins, must create to detect and then delete each new instance of spyware.

(It’s common, for instance, that one desktop anti-spyware product misses some spyware that rivals catch, and vice versa, the root of the advice by many experts to use multiple anti-spyware solutions.)

In fact, about one out of every eight enterprise IT managers polled said that they re-image all their spyware-infected desktops as a matter of course.

http://www.techweb.com/wire/security/159402774

iDefense, a Reston, Va.-based supplier of security intelligence to both corporations and government agencies, delved into its private database of more than 100,000 malicious code attacks to publish analytical findings publicly for the first time, said Ken Dunham, the company’s director of research. Using that database, iDefense tallied a record 27,260 attacks in 2004.

Over 15,000 of those, or some 55 percent, were specifically designed to covertly steal information or take over computers for criminal purposes, including identify theft and fraud, said Dunham. “We counted over 9,000 backdoors alone,” said Dunham, the component now dropped by most mass-mailed worms to allow hackers later access to compromised machines. “This is a business,” said Dunham, “with organized criminal groups around the globe continuing to mobilize resources to develop, sell, and launch Internet attacks.”

Among the ways these crooks are making money, iDefense’s analysis showed, are swiping credit card and bank account data, then selling them based on a tiered-value system where platinum-grade cards, for instance, are priced higher, with a corresponding higher attack ratio against targets to acquire those kinds of cards. Other money-making schemes include assembling networks of infected machines to send spam, launch follow-up malicious code assaults, or threaten denial-of-service (DoS) attacks to extort payment from Web sites.

Last year, the number of attacks with an IRC (Internet Relay Chat) component skyrocketed by 1000 percent over 2003, Dunham said. Malicious code attacks that utilize IRC typically automatically collect data–including personal financial information–and send it to the hacker’s private chat space, where he can process, filter, and analyze the data.

Attacks using a backdoor or relying on other remote access tricks to infiltrate a system also jumped during 2004, and showed a 420 percent increase over the previous year.

“Organized crime rings capturing personal information for fraud and extortion activities are a driving force in the growth of malicious code threats,” said iDefense in a statement. Unlike ‘phishing’ attacks, where users are tricked to provide personal financial information, these approaches are often unseen by the victim.”

And even the attacks that make the media are only the tip of the iceberg, said Dunham. “There’s a huge number of obscure little ‘bots that are attacking specific enterprise networks. With literally hundreds of Trojans out there, some used to attack only one company’s network, AV vendors can take days, weeks, and even months to do analysis and produce a defensive signature.

Like any company, AV firms must strike a balance between profitably and resources,” Dunham said.

http://www.techweb.com/wire/security/159400873