April 25, 2005 9:06 AM PDT

McAfee: Vulnerabilities still worst threat

By Matt Hines
Staff Writer, CNET News

Unpatched computers continue to represent the IT world's biggest security problem, keeping threats that target software vulnerabilities at the top of McAfee's latest industry analysis.

In its report covering security threats during the first quarter, McAfee's Anti-virus and Vulnerability Emergency Response Team (AVERT) said Monday that more than 1,000 new attacks aimed at software vulnerabilities emerged in the first three months of this year. The total amounts to a roughly 6 percent increase, compared with the same period last year. McAfee also noted that it received word of more than 200,000 vulnerability-oriented attacks during the first quarter.

McAfee said that while software makers have improved their ability to respond to vulnerabilities as the flaws are discovered, it found that at least 50 percent of computers connected to the Internet remain improperly protected by product updates or patches.

Vincent Gullotto, vice president of AVERT, said that malicious-code writers are finding ways to make a buck off unprotected PCs, which is driving greater numbers of vulnerability-based attacks.

"At least three of the eight-to-10 most malicious pieces of code out there were vulnerability-related with some form of (user) redirect going on, which is getting big because of that sort of attack's ability to make money," Gullotto said. "People are finding a way to gain access to control a machine, or group of machines, through a variety of ways, and to then use those computers to spam or steal."

And in addition to more traditional vulnerability hacks, through which people might try to steal items like valuable corporate data, McAfee said that criminals are getting more sophisticated with the sort of schemes they devise. In one trend particularly popular in Brazil, criminals have taken to stealing data to create fraudulent ATM cards and helping themselves to people's bank accounts.

Gullotto said the high incidence of attacks aimed at directly generating money also indicates a greater likelihood that organized crime has begun to influence the hacking community. But even script kiddies--or people simply looking to wreak havoc on the Internet--may be helping to power these attacks, he said.

"We believe the (professional hackers and script kiddies) are split even farther apart than before, but some of the really high-level people creating complicated malware code to make money may also pass or sell it to the script kiddies," Gullotto said. "We've seen that kind of thing for a time, but the money element is involved, which could help this whole process better sustain itself."

While the volume of mass-mailing viruses actively tracked by McAfee continued to decline in the first quarter, as they have over the last year, AVERT said the Bagle, Netsky and MyDoom threats were the most popular attacks reported during the first three months of 2005.

Security reports regarding adware applications also grew during the first quarter, according to the report. Of the 5 million customers using McAfee's software products, AVERT found that 1.5 million of them reported adware present on their systems, with each machine harboring an average of three different kinds of the hidden programs.

Phishing attacks, a form of online threat aimed at stealing personal data for criminal use or identity theft, continued to increase rapidly during the first quarter, the report said. According to AVERT's research, the frequency of phishing attacks is growing by 25 percent per month--evidence of a higher level of sophistication.

Reports of viruses crafted to attack mobile devices have also increased dramatically, according to AVERT. While such attacks are not yet a major threat to end users, the researchers tracked a jump in the number of malicious programs targeting smart phones and mobile phones during the first quarter, specifically those running on the Symbian operating system. In the fourth quarter of 2004, AVERT was following only five different strains of Symbian-related viruses, whereas now it is reporting on 50 versions of the threat.

See more CNET content tagged:
McAfee Inc., software vulnerability, vulnerability, threat, attack

Add a Comment (Log in or register) 1 comment
Interesting
by April 25, 2005 11:59 AM PDT
Mcaffee issues a waring about the same time as x-mas sale computer trial subscriptions run out.
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right

  • Nanotech: The Circuits Blog

    Timing rumors surface for AMD plant spin-off

    Rumors persist that Advanced Micro Devices is planning to spin off all or part of its manufacturing operations.

  • Gallery

    Photos: Ron Paul's RNC alternative

    As the Republican convention took place just miles away, a crowd rallied for the former presidential candidate and his message of limited government, ensured civil liberties, lower taxes, and peace.

  • Digital Noise: Music and Tech

    Was 1980s music that bad?

    NPR asks listeners which year featured the best music, and the 1980s emerge as a bleak era. Personally, the '80s figure prominently in my collection, but well behind the 1970s.

  • Beyond Binary

    Microsoft begins big ad push

    Microsoft's multi-year push, estimated at $300 million, begins with a spot featuring Bill Gates and Jerry Seinfeld aired during Thursday's NFL game.

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Digital Media

    Michael Moore plans Net-only film premiere

    Filmmaker plans to premiere his latest documentary exclusively on the Internet for free, forgoing the traditional theatrical release.

  • Video

    Political party playlists

    We know the Democrats and Republicans are split over policy issues, but does their musical taste fall down party lines too? And what kind of gadgets did they bring to the conventions to listen to their music? CNET reporter Kara Tsuboi finds out.

  • News - Politics and Law

    What you can--and can't--find about Palin on the Internet

    John McCain's choice of Sarah Palin as a running mate has inspired a wealth of creativity on the Internet.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Photos: The brains behind Google Chrome

    Here's a look at some of the engineers and executives who took the stage at the company's headquarters as they unveiled the new browser.

  • Crossfade

    Ying Yang Twins, 'Look Back At It': Free MP3 of the Day

    This amped-up duo gets the party started with a mix of crisp, Southern hip-hop beats and shout-along rhymes. Download a free MP3 of "Look Back At It" courtesy of CNET Download Music.

  • Green Tech

    Clean-tech group forms to support Obama

    "Clean Tech and Green Business for Obama" aims to raise $1 million for the Democratic presidential nominee while elevating issues of climate change and alternative energy.

News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET