Download Fraud Eliminator to Protect Yourself from Phishing Scams

Spyware Statistics -- What's New in May 2005


Alexandra Gamanenko

The results of Spy Audit survey made by ISP Earthlink and Webroot Software are still fresh in memory of IT security experts. The study lasted for the whole last year; more than 4.6 million system scans were made in 2004. On May 3, 2005 the Webroot's State of Spyware Report was released. What's new in Q1 2005?

Although statistics often is blamed for various deadly sins -- from being biased to being inaccurate -- there is nothing left to those who are anyhow connected with IT but to keep up with fresh data. Since spyware is literally ubiquitous, nobody who owns or uses a PC can say that it is none of his business. So general public also has to keep an eye on the news about spyware.

On May 3 Webroot Software, a privately held anti-spyware company based in Boulder, Colorado, released a comprehensive report on spyware, The State of Spyware Report, -- an in-depth review and analysis of the impact of spyware, adware and other types of unwanted software on consumers and enterprises.

The results of Spy Audit survey made by ISP Earthlink and Webroot Software are still fresh in memory of IT security experts. The study lasted for the whole last year; more than 4.6 million system scans were made in 2004. What's new in 2005?

"Industry experts suggest that these types of programs [i.e. spyware in general] may reside on up to 90 percent of all Internet-connected computers" that's the quote from the last year's Spy Audit survey. The first quarter of 2005, alas, confirmed these suggestions.

During Q1, 2005, 88% of scans made with Webroot's SpyAudit software found some form of unwanted program (Trojan, system monitor, cookie or adware) on consumers' computers. The majority (87%) of corporate PCs also had unwanted programs or cookies.

Excluding cookies, which are not such a serious problem as key logger programs or Trojan horses, more than 55% of corporate PCs contained unwanted programs. There were an average of 7.2 non-cookie infections per PC.

System monitors (key logger programs) were found in 7% cent of consumer and enterprise PCs scanned by Webroot's software. In Q4 2004 there were 19%. Trojan horse programs were found on 19% of consumer PCs and 7% of enterprise PCs, the same figures as in Q4 2004.

This year's State of Spyware Report data come from Webroot's SpyAudit results and from online research made by Phileas, Webroot's automated spyware research system. Phileas has identified 4,294 sites (with almost 90,000 pages) containing some form of spyware.

This report for the first quarter of 2005 entirely confirmed the concept that had become as clear as day in 2004 -- from being not much more than a nuisance for PC users, spyware turned into one of the major threats to information security.

Since the Internet has become a part of daily life and business, rapid growth of such kinds of cybercrime as identity theft and phishing endanger the whole society. Some types of spyware, namely software capable of stealing passwords, SSNs and other valuable information (keyloggers and keylogger-containing malware), certainly facilitate these crimes.

The complete report for Q1 2005 is available at http://www.webroot.com/stateofspyware (Registration is required) In the future an updated version of Webroot's State of Spyware Report will be released at the end of each quarter. Keep an eye on the news!

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company.
The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc.
Learn more -- visit the company's website
www.anti-keyloggers.com

Download Fraud Eliminator to Protect Yourself Click Here


Know your Enemy: Phishing.
Know your Enemy: Phishing. This KYE white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. This paper focuses on real world incidents that the Honeynet Project has observed in the wild, but does not cover all possible phishing methods or techniques. Attackers are constantly innovating and advancing, and there are likely to be new phishing techniques already under development or in use today. [LinuxSecurity.com]

Information Week: MasterCard Shuts Down 1,400 Phishing Sites "But the number of phishing sites c...
...ontinued to grow by 26% per month between July and February"

Netflix Fixes "Phishing" Security Threat
Christopher tipped me off to a Bugtraq Mailing list thread about a possible Netflix security problem involving "Phishing." This is the Wikipedia definition of phishing: In computing, phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information. It is a form of social engineering attack. Here's a link to an example of a phishing e-mail. This is an example of phishing HTML code: https://www.netflix.com/redirect.jsp?target=http://dummy.site.com/ This was just a warning and...

Phishing and Anti-phishing Mitigations and Technologies
Phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card information, pretend as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). Phishing is considered a criminal behavior. In the United States, the Anti-Phishing Act of 2005 was introduced.

Know your Enemy: Phishing
Phishing is the practice of sending out fake emails, or spam, written to appear as if they have been sent by banks or other reputable organisations, with the intent of luring the recipient into revealing sensitive information such as usernames, passwords, account IDs, ATM PINs or credit card details. This white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. This paper focuses on real world incidents that the Honeynet Project has observed in the wild, but does not cover all possible phishing methods or techniques. Attackers are constantly innovating and advancing, and there are likely to be new phishing techniques already under development or in use today.┬╗See More RSS Feeds

BOOK Review - Phishing - Cutting the Identity Theft Line
Phishing - Cutting the Identity Theft LineThe first 3rd of this book was a good coverage of Phishing with interesting information on techniques, prevalence, up trend, etc.  After that the book feels like the authors ran out of material and began to scurry between subjects like network address translation, intrusion detection systems, and enterprise incident response teams. Basic 101 security stuff available in far better detail else ware. Ultimately the authors suggestions revolve around hating Microsoft, buying a new Macintosh, etc. and not using the web at all. Again, the first 3rd of this book was quite good but the rest seemed to read like page filler. Still, it seems to be the first and only book dedicated to Phishing. Im looking forward Phishing Exposed pending its release by Syngress.

UK Based Phishing IQ Test
Some time ago I posted a link to an American Phishing test. I'm pleased to tell you that there is now a UK Phishing Test using UK examples that might make rather more sense to us than the American one. Phishing, for those who don't know, are fake emails that supposedly come from banks etc. that are designed to get us to give out personal details, which can then be used to get money out of accounts and so on. No-one would fall for them, surely? If you're sure you're too clever then try the test and see how well you do!

14,411 phishing attempts in April 2005
In April 2005, the number of phishing attempts rose to 14,411, says Anti-Phishing Working Group. A drop in unique phishing e-mails was reported, down to 3,930, from 4,100 in March 2005. Number of phishing Web sites hosted in China increased to 2,854 active phishing sites reported in April 2005 (22% of total). 26.3% of phishing [...]

Download Fraud Eliminator to Protect Yourself Click Here