February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Spam I Am Not! | Main | Army, Navy, Air Force, IT »

January 31, 2007
Major Shift -- More Phishing than Virus Emails

In a marked shift from just a year ago, security experts have noted that for the first time ever, there have been more phishing emails detected than emails infected with viruses. According to MessageLabs, in January 2007, 1 in 93 emails (1.07%) was some sort of phishing attempt, while only 1 in 120 emails (.83%) was found to be infected by a virus.

Part of this can be explained by the new viruses, and that they are much more targeted. As I’ve blogged here before, cybercriminals that launch virus attacks no longer rely on huge macro-attacks in an attempt to infect every computer in the country. This is mainly because this type of attack can be quickly quelled using blacklisting and content analysis, along with the fact that the longer the new viruses goes undetected, and unreported, the more profitable they are to the hackers.

Mark Sunner, chief technology officer at MessageLabs, said: "If you look at infected email traffic for January, it's very spiky. With Storm Worm there are clear spikes, then drops down to normal levels. It's as though someone is turning on the tap briefly, then letting it abate."

At the same time, phishing has become much more sophisticated, with man-in-the-middle attacks, though still rare, increasing. One such attack tries to hijack a user session when a user is tricked into clicking on a link, users go to a fake portal that is hosted on a compromised machine, and any information entered, such as bank details and codes, is relayed through the compromised machine to the real bank site. Once the users have validated themselves on the real system through the compromised relay, hackers kill the user connection through the relay, and take over the session.

This is possible because phishing attacks have become much more personalized and much more believable (which includes sending phishing emails to banks the victims actually use, instead of just using random phishing spam). Also, more phishing sites are using Flash content rather than HTML to avoid the anti-phishing technology deployed in web browsers.

Finally, another reason for this shift is that malware has moved more in the direction of web-based attacks., which simply means the virus level remains constant, only users are more likely to pick it up surfing the web rather than opening an email attachment.

Posted by pschooff in Phishing |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1256

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map