TechWeb

McAfee: June Hack Tops So Far In 2004

Jul 26, 2004 (11:07 AM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=25600482


While mass mailers continue to plague businesses and spyware is the big evil for consumers, the most serious threat in the first half of the year was the Download.Ject/Scob attack, which exploited still-unpatched vulnerabilities in Microsoft's Internet Explorer, McAfee said Monday.

McAfee's virus research and response team--dubbed Avert--ranked the Top 10 threats for the first six months of 2004, and put Download.Ject/Scob, a Trojan horse that infected Internet Explorer users' machines in a brief attack in late June, in the top spot. "At the time, [Download.Ject/Scob] seemed kind of minor, but once it got into networks, the impact was huge," Brian Mann, the outbreak manager for Avert, said in defending the ranking.

Avert also rated it tops, said Mann, as a kind of placeholder for the high number of attacks that use HTML code to move malicious code onto users' machines, as well as a way to spotlight the increasingly dangerous trend of behind-the-scenes attacks.

In the case of the Download.Ject/Scob Trojan, users were infected when they visited compromised servers running Microsoft's Internet Information Services software; vulnerabilities in their Internet Explorer browsers allowed the Trojan to open a back door and steal confidential information, all without users' knowing anything was afoot.

No. 2 on the hot list was VBS/Psyme, another Trojan that exploited a vulnerability in Internet Explorer. "The amount of different malware that uses these tactics is phenomenal," said Mann.

To come up with its Top 10 list, McAfee tallied the usual virus submissions by its clients, but also integrated factors such as customer impact--based on conversations with companies that use its anti-virus and security software--and whether the attacks exploit an unpatched vulnerability.

Three of the Top 10 are variations of the Netsky worm, which leaped to prominence early this year as it engaged in a tit-for-tat exchange with rival Bagle. "The war between the Bagle and Netsky authors caused a tremendous increase in the number of virus attacks seen this year," said Mann. Of the four worms on the list, three were Netsky.d, Netsky.p, and Netsky.q; the other was the original MyDoom.

Four of the Top 10 spots in McAfee's list were occupied by various adware and spyware threats, proof that this security risk category is serious, and not just a danger to consumers.

"Spyware is most definitely a problem for enterprises," said Mann. There the biggest concern is over possible loss of critical and confidential data, Mann continued. "They're worried about what spyware is delivering, what it's doing to their systems."

The rise in spyware's seriousness--60% of the malicious threats McAfee tracked during the first half of the year were what it dubbed "Potentially Unwanted Programs," which includes spyware--is due to a number of factors, including better hacker technology, more virulent spyware, and devious tactics such as programs that automatically replace one uninstalled piece of spyware with another.

Overall, McAfee saw a continued increase in the number of security threats, and a dramatic climb in those it found worthy of watching. It counted a 20% increase in threats during the first half of 2004 compared with 2003, and had tagged more threats as "medium" or higher during 2004's first quarter than it did in all of 2003. "I've seen it from both the support side and the research side," Mann said, "and the increase of high-risk threats is just incredible."