by Jay Wrolstad, newsfactor.com
Home computer users, most of whom don't take even rudimentary measures
to protect their PCs, are increasingly finding themselves under attack
by phishers and malware miscreants who are getting much better at
their nefarious work.
That's the conclusion drawn in Symantec's latest security threat report.
Symantec found that home users now comprise 86 percent of all targeted
attacks against computers, followed by businesses in the
financial-services industry.
With hackers aiming at desktop applications and developing new,
sophisticated tactics to avoid detection, scattershot Internet worms
and viruses have given way to more focused assaults whose purpose is
largely fraud and identity theft.
"Home users face a bigger threat since they do not have security
[policies] put upon them," said Natalie Lambert, an analyst at
Forrester Research. The security settings on corporate users' PCs are
dictated by I.T. workers, she explained. But home users are left to
their own devices and typically do a poor job managing their security,
she said.
"Even after these home users install their software, they still have
to keep it updated -- something most still have not mastered," she
went on to say. "And since PCs are only as secure as their last
update, home users will continue to be at risk."
Ignorance Not Bliss
Even as security companies are attempting to bolster PC defenses with
traditional antivirus strategies, Symantec found that attackers are
delivering their malicious code through zero-day security
vulnerabilities in e-mail applications and Web browsers.
Web browser flaws represented 69 percent of all vulnerabilities
documented by Symantec in the first half of 2006, with 47
vulnerabilities documented in Mozilla browsers (up from 17 in the last
reporting period), 38 in Microsoft Internet Explorer (compared to 25),
and 12 in Apple Safari (compared to six).
Additionally, phishers are learning to bypass spam-filtering
technologies, the Symantec report noted. Most phishers have gotten
wise to new spam- and virus-fighting technologies and now exclude
malicious code from their mass mailings to enhance the chances of
making it into the inboxes of unsuspecting users. Instead, they now
simply include links to Web sites hosting the malicious code.
Also of note in the report is the fact that Symantec identified some
4.6 million active zombie computers under the control of hackers and
the period. These zombie machines are used not only to level
denial-of-service attacks at Web sites who refuse to pony up ransom
money, but also to spread malicious code through spam messages.
Financial gain remains the motivation behind many of these threats,
Symanted reported.
Future Bleak
Yankee Group analyst Jonathan Singer suggested that the proliferation
of spam engines and botnets can be attributed to the successes hackers
have experienced thus far. "It's a lot easier to go after an
unsuspecting user than try to break into a enterprise network," he
said.
Even those users with antispyware installed on their machines remain
susceptible to phishing attacks that use social-engineering tricks to
trick people into providing their sensitive financial information on
bogus Web sites, Singer said.
Both he and Lambert said common sense can go a long way toward
thwarting these attacks. "You should always be wary of suspicious
e-mails, and always type in the URL of a bank or other site rather
than clicking on a link provided in a message," said Singer.
The best way you can protect yourself is to keep your system patched,
update your security software, and not open suspicious attachments,
Lambert said. She also advised installing a security suite that
consists of firewall and antispyware software, in addition to
antivirus capabilities.
The Symantec report said that, in the future, the present situation is
likely to worsen, with more threats designed to exploit personal
software and Microsoft's forthcoming Windows Vista operating system.
Copyright 2006 NewsFactor Network, Inc.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html
For more headlines and news each day, please go to:
http://telecom-digest.org/td-extra/newstoday.html
Jay Wrolstad (newsfactor@telecom-digest.org)