PC users face increasingly complex and dangerous cyber threats

Islandia, New York-based CA Inc. has released a report warning PC users that they are facing growing and more complex Internet threats — including targeted identity theft, emerging risks associated with online gaming, a doubling of malware exploits, and new software vulnerabilities. The CA Mid-Year Internet Threat Outlook Report is based on data compiled by the CA Security Advisor Team, a global team of malware researchers, and it outlines the impact that organized crime, evolving technology, and the ongoing efforts of malware authors on the safety and security of PC use. The exposure of home PC users continues to grow as the PC becomes the family communications and entertainment hub. No computer, operating system, or software is completely invulnerable to the types of attacks that users can unwittingly expose themselves to.”Everyone using the Internet should be aware of the nature and severity of online threats-especially gamers, social network users, seniors, tweens and their parents” said Brian Grayek, vice president of Threat Research for CA. “It’s especially important to teach younger users about protecting personal information and handling cyber-bullies, because-even though they may be more adept at using the Internet than their parents-they tend to be far less diligent about practicing safe online computing.”

Among the predictions from the CA 2007 Mid-Year Internet Threat Outlook:

* Stealing online gaming accounts will become as profitable as stealing bank accounts

* “Spear-phishing” will grow as identity theft surpasses record levels. Almost 3.25 million Americans discovered that their personal information has been used to open credit cards. Phishers are shifting from pure opportunism to “spearing” specific individuals based on age, socio-economic status, etc.

* Malware will increase by132 percent this year over last, with Trojans leading the pack. From January to June 2007, 65 percent of the malware threats were Trojans, 18 percent were worms, 4 percent were viruses, and 13 percent were other types of malware.

* Mozilla Firefox will no longer be considered more secure than Microsoft Internet Explorer; and conventional wisdom that Apple Mac OS X is more secure than Microsoft Windows will be proven wrong. Internet Explorer and Firefox are running neck-and-neck, with 52 and 53 vulnerabilities this year respectively, and will easily surpass the number of vulnerabilities reported last year. In the first half of this year, there were 51 reported vulnerabilities for Mac OS X, 29 for Windows XP and 19 for Windows Vista.

* Cyber-criminals will increasingly use a “multi-step” approach to creating and distributing malware. Multi-component malware, such as sending spam with a Trojan, allows them to fine-tune the malware-making it harder for security vendors to identify. Lesser-known techniques to hide from security software, including “packers” or “encryptors,” are now widespread (representing two of the top five malware this year).

* Internet crime groups will look more like legitimate software businesses. No more attention-seeking hackers-organized groups of criminals have developers, marketers and distribution channels. Many are located in Eastern Europe and China.

* As Botnets grow, so will the risk of “botherders” using information about victims’ behavior to offer demographics-based marketing. Such targeted efforts would rival the largest legitimate marketing. Based on current estimates, millions of home PCs may be controlled by botnets today.

* As adware and hijackers continue to fade, the spyware category will be dominated by Trojans and downloaders. The versatility of Trojans has clearly made them the tool of choice for malware authors. Downloaders will become attractive as new versions not only distribute spyware but defend against its removal.

* Criminals will increasingly target lower profile but useful software, such as Adobe Acrobat Reader and Macromedia Flash, to exploit security holes. At the current rate, we’ll see twice the number of vulnerabilities in Reader and Flash.

* Social networks are under fire for security weaknesses. Not only are they subject to the same weaknesses as web sites-SQL injection, cross-site scripting attacks and forgeries-but the ability to create web pages allows a criminal to post malicious code. On a social network, attacks move faster because everyone is interconnected. Mobile social networks can also be easily attacked-providing information for stalking and other crimes.