CA 2007 Internet Threat Outlook Finds Rise in Sophisticated Attacks Against Savvy PC Users

CA, Inc. issued a report that warns of a new level of cyber-crime potential as increasingly sophisticated attackers aim to steal intellectual property, personal identities and the contents of bank accounts across international borders, and within organizations and social networks.

The CA 2007 Internet Threat Outlook which outlines the top cyber security threats for 2007, is based on data compiled by the CA Security Advisor Team.

"Malware writers continue to blur the line between trojans, worms, viruses and spyware," said Brian Grayek, vice president of Malicious Content Research for CA. "Spyware distributors have adopted the stealth techniques of virus and worm authors, and can now adapt quickly to uncover and exploit the slightest vulnerability. PC users must therefore be aware that they can get in a lot of trouble simply by visiting a website - and that the bad guys no longer need to entice them to open an email attachment to wreak havoc on their machines."

Predictions from the CA 2007 Internet Threat Outlook include:

1. Blended threats will continue to evolve: In addition to using spam to distribute trojans and other malware, attackers will increasingly use multi-phased exploits to take control of unsuspecting users’ computers, steal private information, and perpetrate other attacks.

In 2006, trojans accounted for 62 percent of all malware; worms accounted for 24 percent; and viruses and other types of malware accounted for the remaining 13 percent. With the advent of the WMF exploit for "drive-by" downloads, 2006 also marked the first year that a spyware variant used a zero-day exploit to take advantage of a vulnerability that was previously unknown to the general public.

2. Phishers will get smarter: Users should expect social engineering tactics to become more convincing and more effectively targeted at the knowledgeable user. Fake phishing emails with subjects such as "to verify your account" will be replaced by more clever attempts, such as worms disguised as "mail failure" notices.

3. Spam will increase: The last quarter of 2006 saw a huge increase in spam, largely because of image-based spam which can evade most anti-spam filters. Due to the low cost of sending mass spam -especially through botnets - cyber criminals will increasingly use this medium to distribute trojans.

4. Targeted attacks will increase: Criminals or disgruntled employees can use malware for corporate espionage or to steal intellectual property. For example, an employee’s home or office computer can be infected by visiting a pornography or gambling site where criminals have planted a keylogger or spyware to transmit salable information. Criminals also can use ransomware to "kidnap" a user’s data until the user is willing to pay for its release.

5. The rise of kernel rootkits: A rootkit is a cloaking technology that allows an intruder to hide malicious activity on a previously compromised machine. Using a rootkit, an attacker can hide malware such as backdoors, sniffers and keyloggers. The CA Security Advisor Team expects to see a rise in kernel rootkits, which are especially dangerous because they can be difficult to detect without appropriate software. Kernel rootkits add code or replace a portion of kernel code with modified code to hide a backdoor.

6. Increased exploitation of browser and application vulnerabilities beware: As cyber criminals find it harder to break through security defenses with traditional attacks, they will increasingly exploit vulnerabilities in Web browsers and applications. The release of new software versions will provide fertile ground for discovering new vulnerabilities.

7. Typo-squatting on search engines: Hackers will increasingly seek to poison search engine rankings and to perpetrate click-fraud on ad networks. Typo-squatting — linking easily mistyped domains to malicious sites - will become more prevalent.

CA views the increase in rogue anti-spyware programs as another alarming trend for 2007. Criminals are preying on consumers and small businesses via these "free" anti-spyware programs that actually contain the malware they purport to address. Instead of cleaning users’ computers, these attackers try to get money from users through deception.

While these predictions may seem grim, CA and other security companies are moving quickly to provide the tools and information that individuals and companies need to help protect themselves from harm.

 [January 25, 2007]

Send this IT news to a friend
Recipient :
(enter the e-mail address of the recipient)

(enter your name)

(enter your e-mail address)


Other IT news about CA Technologies

  • CA Technologies Unleashes Next Generation of Application Performance Management (December 14, 2011)
  • Rove to Showcase Mobile Admin at CA World 2011 (November 11, 2011)
  • CA World 2011 Showcases "IT at the Speed of Business" (November 3, 2011)
  • CA Technologies to Deliver Backup and Recovery Solution Using Microsoft’s Windows Azure Cloud Platform (May 11, 2011)
  • CA Technologies Promotes David Ridout to Lead Canadian Operations (April 28, 2011)
  • Organisations’ Virtual Environments at Risk from Inadequate Security Management, New Independent Study Commissioned by CA Technologies Reveals (December 6, 2010)
  • Survey: Canadian executives see cloud computing as important to their company’s success (December 3, 2010)
  • CA Technologies Looks at Christmas Web Stress (November 22, 2010)
  • CA Technologies Acquires Virtualization and Cloud Infrastructure Consulting Firm (August 16, 2010)
  • SAP and CA Technologies Bring Business Relevance to IT GRC (July 16, 2010)
  • CA Technologies Unveils Cloud Management Strategy At CA World 2010 (May 19, 2010)
  • CA Technologies Expands and Enhances Virtualization Management Portfolio to Help Customers Increase Business Agility (May 18, 2010)
  • CA to Acquire Nimsoft (March 15, 2010)
  • CA Expands Offerings for Unified Business Service Assurance and Automation for Next-Generation Virtualized Data Centers and Private Clouds (July 7, 2009)
  • CA Global Survey: Economic Downturn Drives Increased Spending on IT Security (April 24, 2009)
  • CA Global Survey Finds Security a Primary Concern for SOA and Web Services Implementations (November 17, 2008)
  • CA Selects Callidus Software TrueComp Solution for Global Sales Performance Management (July 24, 2008)
  • CA Bolsters Network Security and Reduces Risk With AlgoSec Firewall Analyzer (June 25, 2008)
  • CA to Deliver Enterprise Risk Mitigation and Compliance Solutions for Microsoft Exchange Server 2007 (November 9, 2006)
  • 83 Percent of Adults Who Social Network Expose Themselves to Hackers and Identity Thieves (October 4, 2006)
  • CA Acquires MDY, Leading Provider of Records Management Software and Services (June 13, 2006)
  • CA Delivers Enterprise Message Management and Compliance Support for Oracle Collaboration Suite 10g (March 14, 2006)
  • CA Security Solutions Earn Checkmark Certification for Detecting Spyware, Viruses and Trojans (March 13, 2006)
  • CA Completes Wily Acquisition (March 7, 2006)

    Website based on SPIP, an Open Source program under GNU/GPL licence