AUGUST 2006
Global Security Threats and Trends
Here are the most prominent vulnerability and malware trends during the last six months. Be warned: for-profit malware is spreading like wildfire.
Today's threat environment has changed materially. The professionalism of malware coupled with a powerful open-source model has created a formidable, profitable, and criminal adversary for security professionals. The fundamentals are in place for this new industry to thrive, virtually guaranteeing that malware will continue to become more robust, more sophisticated, more plentiful, harder to combat, and more dangerous.
The Monetization of Malware
For-profit malware emerged in 2003 and is now the overarching threat trend. Before then, disaffected teenagers trying to prove themselves wrote most viruses and Trojans. Since then, the spectrum of questionable and undesirable programs has expanded to include viruses, Trojans, bots, rootkits, worms, phishing attacks, spyware, spam, and other exploits, all of which are now used by criminals, and the underlying motivation has shifted to financial gain.
There's a new marketplace for these exploits. Vulnerability bounty programs and the growing interest of criminals in the online world have created an army of for-profit vulnerability researchers and an increase in zero-day attacks. Non-public vulnerabilities and exploit toolkits are for sale, so anyone can build directed attacks, including companies that want to test their compliance levels and defenses.
Vulnerabilities are increasing in numbers, but fortunately patch management is also improving. Discovered vulnerabilities are increasing about 30 percent annually. Vulnerabilities in Web applications comprised over two-thirds of total vulnerabilities disclosed in the second half of 2005.
Vulnerabilities are also growing in new areas, including the non-Windows operating systems and popular open-source Web browsers. In the first five months of 2006, more than 80 vulnerabilities in non-Windows products were disclosed, compared to about 120 for all of 2005 and 60 for all of 2004. The number of Firefox and Mozilla vulnerabilities is also increasing.
Fortunately, as vulnerabilities have increased, vendors' patch release cycles have shortened, reducing the vulnerability window. In the first half of 2005, the time between a typical vulnerability's disclosure and its patch was 64 days. In the second half of 2005, the window shrank to 49 days. For Windows vulnerabilities, the window in 2005 was 46 days, slightly shorter than the industry average. The time between vulnerability disclosure and the availability of an exploit was almost constant in 2005 at around seven days.
The time that companies need to patch systems is falling as well. One study found that the time to patch half a sample of externally facing systems was about 19 days in the second half of 2005. In 2003, it was 30 days. This roughly corresponds with a November 2005 study that found 19 percent of survey respondents took one week or more to patch their systems after the release of a patch.
The Growth of Stealth Techniques
Due to the increase in quantity and quality of stealth technology like rootkits, malware has a higher chance of remaining unnoticed than ever before.
The number of malware samples that use stealth techniques increased four-fold from the first quarter of 2005 to the first quarter of 2006. Possible explanations for the increase include the general availability of rootkit source code and ready-to-use rootkit executables. McAfee found that, of a random sample of 24 generally available rootkits, at least 12 appeared in malware samples collected from the wild.
In 2005, rootkits began migrating from Trojans to viruses, bots, and potentially unwanted programs, which include adware and spyware. In the first quarter of 2006, McAfee Avert® Labs found that one-quarter of submitted malware samples incorporating stealth techniques were viruses, bots, and PUPs. Open-source collaboration is feeding the growing sophistication and popularity of rootkits.
Use of Bots in For-Profit Ventures
Botnets can be easily rented for denial-of-service attacks, spam distribution, and pay-for-click scams. Without protective measures, your systems could become part of an active botnet, or your company could be the target of a DoS attack launched from a botnet.
Mytob is the most recent bot family to emerge. It launched in February 2005 and is estimated to have increased the number of bot-infected machines by 150 percent. Four older bot families—Sdbot, Agobot (Gaobot), and Spybot—saw fewer new variants in 2005; however, they still accounted for more than 7,000 new variants in the second half of 2005.
Bot authors increasingly use open-source development techniques, such as multiple contributors, release dates driven by bug fixes, paid feature modifications, and module reuse. This form of collaboration is expected to make botnets more robust, creating a more reliable ROI for botnet customers.
Phishing Still Growing
Phishing is still growing, and growing more sophisticated. In May 2006, the Anti-Phishing Working Group reported a 90 percent increase in new unique phishing sites since the second half of 2005. The group says it has received an all-time high of more than 17,000 phishing reports per month in 2006, most of which were related to scams involving first- and second-tier financial institutions. The number of phishing Web sites that host keystroke loggers grew by 130 percent from January 2006 to April 2006.
Approximately 40 percent of phishing attacks are in languages other than English. Even small language communities, such as Catalan speakers, have been targeted.
Phishing attacks are also becoming more sophisticated, moving beyond the traditional spoofed e-mail with a simple Web link through which the victim submits confidential information. One recent phishing e-mail enticed victims to call a telephone number attached to a Voice over IP (VoIP) system that the attackers had set up.
Resources:
Learn more about the open sourcing of threats that is driving these global threats. Read Sage, a semi-annual objective forum of leading-edge security research, analysis trends, and opinions. This issue examines the price we're paying for the open-source advantage.
Register to download Sage.
McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2006 McAfee, Inc. All rights reserved.