Security Threats Up Nearly 50%

Heading up Sophos' top-10 chart was the long-running Zafi.d, a mass-mailed worm that made itself known almost a year ago: It accounted for 17% of all threats detected during the first 11 months of 2005.
"The recent Sober.z worm is unusual," Cluley went on. "It's an old-school worm. That doesn't work for the criminally minded, who actually think that infecting millions is just a nuisance. They want to infect only enough machines to create a steady revenue stream from identity theft or selling systems to spammers."

The focus on making money from computer security threats isn't new--Cluley acknowledged that it's a trend which continues to build--but the overwhelming number of Trojan horses is evidence of the practice. "At least now we have some hard facts," he said.

Sophos' analysis of 2005's threats also disclosed their most common characteristics for the first time. Nearly 42 percent of all threats allowed others to access a compromised machine, while 40 percent downloaded code from a Web site using so-called "drive-by download" exploits. Thirty-four percent stole some kind of information, while 16 percent included a keylogger.

One in ten threats exploited a known vulnerability, and almost one in six tried to disable anti-virus software.

On the spam front, Cluley noted the rapid rise in "pump-and-dump" stock spam scams.

"That's the kind of spam where spammers buy a lot of penny stocks, send out messages to promote the stock, then when the price climbs, they sell their shares," said Cluley. "These spammers don't have to deliver any product or even create a Web site. All they have to do to make money is convince enough people to invest in a stock, then sell their shares. And if the price hasn't gone up, they haven't lost anything."

By November, pump-and-dump spam accounted for 13.5 percent of all spam; at the beginning of the year, it was a measly 0.8 percent.

"A lot of these spams are getting through anti-spam products," said Cluley, "because they don't include a link to a URL, a common technique defenses use to spot spam."
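To make the detection gap concrete, the following Python sketch is an added example, not code from the article or from Sophos: it runs a URL-presence heuristic of the kind Cluley describes beside a simple content-based score for pump-and-dump text. The sample messages, regular expressions, hype-word list and score weights are constructed for this illustration and are not any vendor's actual rules.

```python
import re

# Constructed sample messages for this example (not taken from the article).
# Each tuple: (label, message text, is_spam).
SAMPLES = [
    ("pharma", "Cheap meds shipped overnight, order now at http://example.com/buy", True),
    ("pump", "ABCD Corp (OTC: ABCD) - STRONG BUY! Current price $0.42, target $2.10. "
             "Explosive news expected Monday. Act now before the rally!", True),
    ("ham", "Hi team, the quarterly report draft is attached; please review "
            "section 3 by Friday.", False),
]

# Classic link-based indicator: does the message carry a URL at all?
URL_RE = re.compile(r"(https?://|www\.)\S+", re.IGNORECASE)

# Content features typical of stock-touting spam (assumed patterns, not a
# production rule set): exchange-prefixed ticker, several dollar prices,
# and a handful of hype phrases.
TICKER_RE = re.compile(r"\b(OTC|OTCBB|PINK|NASDAQ|NYSE)\s*:\s*[A-Z]{2,5}\b")
PRICE_RE = re.compile(r"\$\d+(?:\.\d+)?")
HYPE_PHRASES = {"strong buy", "explosive", "rally", "act now", "target",
                "skyrocket", "huge gains"}


def url_heuristic(text):
    """True if the message contains a link; misses link-free stock spam."""
    return bool(URL_RE.search(text))


def stock_pump_score(text):
    """Additive score from ticker, price mentions and hype phrases."""
    score = 0
    if TICKER_RE.search(text):
        score += 2
    if len(PRICE_RE.findall(text)) >= 2:
        score += 1
    lowered = text.lower()
    score += sum(1 for phrase in HYPE_PHRASES if phrase in lowered)
    return score


def classify(text, threshold=3):
    """Combined verdict: link present OR pump score at/above threshold."""
    return url_heuristic(text) or stock_pump_score(text) >= threshold


def missed_by(detector, samples=SAMPLES):
    """Labels of spam samples the given detector fails to flag."""
    return [label for label, text, is_spam in samples
            if is_spam and not detector(text)]


if __name__ == "__main__":
    print("URL heuristic misses:", missed_by(url_heuristic))   # ['pump']
    print("Combined classifier misses:", missed_by(classify))  # []
    for label, text, _ in SAMPLES:
        print(label, "url:", url_heuristic(text),
              "pump_score:", stock_pump_score(text), "spam:", classify(text))
```

The point is not the particular features but the structure: a filter whose only strong signal is the presence of a link has nothing to fire on when the spammer's payoff comes from a ticker symbol rather than a click, so the score has to be built from the message body itself.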
