Feeds

Phishermen, not zombies, causing biggest security woes

McAfee issues revised forecast

High performance access to file storage

Data-swiping phishing sites are causing a greater security headache than expected while botnet numbers have taken an unexpected dip over recent months, according to revised security predictions by net security firm McAfee.

McAfee Avert Labs recorded a 784 per cent increase in phishing websites in the first quarter of 2007 compared to the same period last year, with no slowdown in sight.

"As we approach the midyear mark, we wanted to check on our crystal ball gazing skills," said Jeff Green, senior vice president of McAfee Avert Labs and product development. "As we predicted, professional and organised criminals continue to drive a lot of the malicious activity on the net. However, we were surprised that mobile malware and image spam tapered off."

Image spam is so named because it includes an image instead of just text. These junk mail messages typically advertise goods and services such as stocks, pharmaceuticals, and degrees. Image spam accounted for 40 per cent of spam in November 2006 and up to 65 per cent of all spam at the beginning of 2007, but this figure has dropped off recently. Overall spam levels have remained static.

McAfee reckons its other security predictions made at the start of the year are panning out. In particular, it warned that video on the web would become a target for hackers and the prevalence of rootkits on 32-bit machines would increase. About 200,000 computers have been infected with rootkits (malign programs that hide their presence on infected systems) since the beginning of 2007, according to Avert Labs' virus tracking mechanism, a 10 per cent increase over the first quarter of 2006.

One prediction that hasn't panned out is McAfee's expectation that more legitimate companies would try advertising software (ie adware) to target consumers. Because adware has a bad reputation, firms have shied away from the approach and tried different tactics instead. BitTorrent, for example, is establishing a trend by offering free ad-supported video downloads as an alternative to paid downloads. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.