Online threats continue to grow

For the London Free Press - September 14, 2009 Read this on Canoe

Financial gain, notoriety and mischief are main motivators for unscrupulous 'Net users, report says.

Symantec, maker of Norton Antivirus, recently released its mid-year update of 2009 Security Trends.

Security threats range for simple annoying spam to malware intended to cause damage to systems, to phishing attempts to obtain information leading to identity theft.

The following summarizes their top five security threats as well as some newly recognized threats.

- There has been an influx of new malware variants. In other words, attackers continue to develop new types of threats and deliver them in various ways. This leads to an increasingly large number of distinct threats.

Symantec says it blocks an average of more than 245 million attempted attacks each month, the vast majority of which are new threats. Detection methods required to repel these attacks continue to evolve. Different detection methods are often combined for better results.

- The global economic crisis has been the impetus for new security threats. Some prey on the latest trends and vulnerabilities, including an increase in things such as fake "work at home" schemes, and variations targeting employment ads. Other scams try to take advantage of homeowners under foreclosure or seeking mortgage refinancing.

- The popularity of social networking sites such as Facebook have made them a constant target for security attacks and scams. This threat has continued as scams attack through the use of compromised accounts, games and surveys which have the potential to collect lucrative information about users.

- Spam levels continue to rise, and will eventually comprise 75% to 80% of all e-mail. Spam volumes remain high despite ongoing successful efforts to shut down spam sites.

- Advanced web threats and malicious activity remain an increasing problem. Many such attacks occur against users of legitimate websites who are falsely redirected to malicious content. Forms of infection have been through "drive-by" downloads and attacks on social networking sites. Further attacks have occurred through plug-in applications and cross-site scripting.

Some of the more recent threats combined new threats with those used in previous years. An example is the use of characteristics of the CodeRed and Nimda threats in the Conficker worm, one of the "most complex and widely spread" threats in recent years.

Conficker was serious enough that last February, the Conficker Working Group, a panel of industry leaders and academics, was formed to help come up with a co-ordinated, global response.

Though many attacks are motivated by financial gain, others are motivated by the quest for notoriety and/or mischief.

The bottom line for both commercial and personal users of the Internet is that it is crucial to have protection in place to lessen the risks of spam, viruses, and malware in general.

That includes making sure firewalls are properly configured, and having regularly updated anti-virus software.

And be skeptical about any e-mail that doesn't look right, or seems too good to be true.