Malware becoming more sophisticated, warns IBM

Computerworld UK staff   Today’s Top Stories   or  Other Spam, Malware and Vulnerabilities Stories  

The Secure Web Gateway. Mission Critical For Business Client Security Podcast IT Leadership Strategy: How to Provide World-Class Help Desk Support Malicious Software Defense: Have we moved beyond the need for anti-virus and spyware protection software? Understanding PCI DSS Compliance State of Internet Security Series: Protecting the Perimeter Computerworld Report- Large Enterprises Pay More for IPAM Computerworld Technology Briefing: Intelligent Users Use Business Intelligence Virtual Reality Sign up to receive Spam, Malware and Vulnerabilities Resource Alerts

September 17, 2007 (Computerworld UK) -- IBM has reported an increase in malware volume and sophistication as part of its security statistics report for the first half of the year.

So far this year, IBM's X-Force research and development team has identified and analyzed more than 210,000 new malware samples, which is more than the total number of malware samples observed over the entirety of last year.

According to IBM, the "exploits as a service" industry continues to thrive, with the new practice of "exploit leasing" added to the repertoire of criminals. By leasing an exploit, attackers can now test exploitation techniques with a smaller initial investment, making this underground market an even more attractive option for malicious perpetrators.

According to the report, Trojans (seemingly legitimate files that are actually malware) are the most common form of malware this year, accounting for 28% of the total. Last year, Downloaders was the most common category. A downloader is a low-profile piece of malware that installs itself so that it can later download and install a more sophisticated malware agent.

"The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyberattacks," said Kris Lamb, director of X-Force. "This directly correlates to the rise in popularity of Trojans that we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks."

But running counter to historical trends, X-Force reports a slight decrease in the overall number of vulnerabilities uncovered in the first half of 2007 versus the first half of 2006. A total of 3,273 vulnerabilities were identified in the first half of this year, down 3.3% year-on-year. However, the percentage of high-impact vulnerabilities has gone up, from 16% in the first half of 2006 to 21% for the first half of this year.

A similarly unexpected trend in the report is the decrease in spam message size. IBM said the fall corresponded with a decrease in image-based spam.

"The decrease in spam message size and image-based spam is a result of spammers adopting and experimenting with newer techniques, such as PDF- and Excel-based spam, as a means to more successfully evade detection by antispam technologies," said Lamb.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"The Payment Card Industry Data Security Standard (PCI DSS) being pushed by the major credit card companies has probably done..." Read more... "At this big apparel company, there's a data upload every night from factories to HQ. But one morning, this pilot..." Read more... Read more Security posts or See all Blogs

Microsoft's Web site overwhelmed by would-be Windows 7 downloaders FAQ: How to get the Windows 7 beta Google: Chrome in 'never-ending' beta More top stories...

Review: Windows 7 Beta 1 shows off new task bar, more UI goodies Elgan: Palm and Sony out-Apple Apple Memory card standard could provide up to 2TB on an SD card

The 9 hottest skills for '09 The downturn has softened the IT talent market but done little to weaken demand for SAP, .Net and other technical skills. Fast fixes for common PC problems Every computer user hits a speed bump now and then. Here are some speedy, simple solutions to hardware, software, network, Internet and mobile-device crises. Apple's 5 biggest moments in 2008 From the iPhone 3G to 'unibody' MacBooks, 2008 was a standout year for Apple. Hands-on Linux: New distro versions push the envelope We've got reviews and videos of the new Ubuntu 8.10, Fedora 10 and openSUSE 11.1. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2009 Premier 100 IT Leaders 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

The Secure Web Gateway. Mission Critical For Business The Secure Web Gateway. Mission Critical For Business View this on demand webcast, compliments of Ironport, now! Go to the webcast  Managing Mobile Data with Endpoint Security for Laptops Download this white paper now, compliments of Computerworld and Absolute Software. (Source: Absolute Software) A NetworkWorld survey of IT professionals found that only 1 in 100 employees consistently follow data security policy. This paper outlines endpoint security for laptops that restricts data access beyond encryption to safeguard against insider threats and user error.Read this whitepaper to learn lessons from recent data breaches, limitations of traditional data security, and how to remotely wipe out data and monitor computers that go off the network. Download this executive briefing  Creating a green data center to help reduce energy costs and gain a competitive advantage Download this new white paper today! (Source: VMware) With today's rapid IT growth, companies are looking to consolidate datacenter operations to achieve space and cost savings. And as energy costs continue to rise, datacenter efficiency becomes even more important. This IBM report details how companies are reducing energy usage and costs to gain a completive advantage. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Learn how Xythos and Microsoft enable customers to benefit from the best of both approaches to document management and collaboration. NetApp and VMware Virtual Infrastructure 3 Storage Best Practices Environmental Sustainability and Networking View more whitepapers

• Microsoft's Web site overwhelmed by would-be Windows 7 downloaders
• Review: Windows 7 Beta 1 shows off new task bar, more UI goodies
• FAQ: How to get the Windows 7 beta
• More top stories