• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Phishing, Zero-Days Top Symantec’s Security List

    December 11, 2006 Alex Woodie

    Symantec last week issued an end-of-the-year report on the state of IT security, and the findings may surprise you–or they may not, depending on how closely you’ve followed the security goings-on during the last 12 months. In any case, if one had to pick the two most important security trends for 2006, it would be tough to beat the meteoric rise of phishing and zero-day exploits.

    Phishing, an activity engaged in by criminals to perpetrate identity theft and the financial misdeeds that inevitably follow, increased dramatically in the first half of 2006, when Symantec detected close to 900 unique phishing messages a day, an increase from nearly 500 per day over the previous six month period, the security software giant says.

    A closer analysis of phishing trends reveals that phishing e-mails dip on the weekends and rebound on–of all days–Tuesdays, which Symantec took to suggest that phishers operate during standard work days (although it would be a stretch to consider them working Joes like you and me).

    A quick glance at your unprotected inbox will also confirm Symantec’s finding that nine of the top 10 phished brands were financial institutions. (News bulletin: if you don’t have a Washington Mutual checking account, don’t follow the links to change your password.) What’s more, seven out of 10 spoofed brands that Symantec observed are based in the U.S., while the great state of Florida led the way among the most spoofed local brands, Symantec says.

    The other major security trend involves zero-day exploits, the phenomenon you get when black hat hackers and other techno ne’er-do-wells blindside the computer-using community by launching attacks or releasing attack code blueprints on the Web on the same day on which that vulnerability is first publicly revealed to the owner of the vulnerable product (usually Microsoft), and suckers like you and me.

    Symantec noted several high-profile zero-day attacks, including the Windows WMF vulnerability in late 2005 and early 2006, and several other attacks on Office products in May 2006. But Microsoft isn’t the only target; a Japanese word processing product called Ichitaro was hit with two zero-day exploits, Symantec notes.

    The prognosis for zero-day attacks is not good, and the situation will likely get worse before it gets better. According to Symantec, the average time it took developers to come up with a patch for a security hole was 31 days for the first half of this year. However, the average time for hackers to develop exploit code was three days, leaving, on average, a 28-day window of exposure, Symantec says.

    Also included in Symantec’s report was rootkit technology, a hard-to-detect way of comprising a computer system, which quickly emerged in 2005, but hasn’t made many headlines in 2006. Despite the lack of press, Symantec says the use of rootkits–in particular user-mode rootkits, but also kernel-mode rootkits–has grown over the last 12 months, to the point where it is now common.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 15, Number 49 -- December 11, 2006

    Sponsored by
    Chilli IT

    Chilli is one of the UKs leading IBM support and management providers with 20 years’ experience in the power and storage industry. Our bespoke solutions for maintenance, security and infrastructure delivers a service which is cost effective, increases productivity and enhances efficiency. Our ethical approach and unrivalled knowledge has secured business partnerships with blue-chip companies in the technology, retail, banking and travel sectors.

    As an IBM Business Partner, we provide you with the peace of mind that you are working in partnership with a company accredited to the highest standard. Our team of experts have worked together for many years and deliver projects which include consolidation, High Availability, Operating System upgrades; and backup and recovery installations.

    Contact us to see how we can help your business with IBM support and management.

    www.chilli-it.co.uk

    info@chilli–it.co.uk

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Quick and Dirty Ways to Find Job Gone Wild Stuff I Didn’t Publish This Year

    Leave a Reply Cancel reply

TFH Volume: 15 Issue: 49

This Issue Sponsored By

    Table of Contents

    • Azul Systems Revamps Compute Appliances with 48-Core Vega2 Chip
    • Forrester Predicts IT Spending Slowdown in 2007
    • The Business Case for the System iWant
    • Evans Data Cases Programming Language Popularity
    • Rocket Software Inks Deal to Buy Seagull Software
    • Lotus SameTime Connects With Major IM Communities
    • Saving the System i: Fight Pervasive with Pervasive
    • Q4bis Teams Up with SM Consulting for Business Intelligence
    • As I See It: Sweating the Little Stuff
    • Phishing, Zero-Days Top Symantec’s Security List

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • IBM i 7.3 TR12: The Non-TR Tech Refresh
    • IBM i Integration Elevates Operational Query and Analytics
    • Simplified IBM i Stack Bundling Ahead Of Subscription Pricing
    • More Price Hikes From IBM, Now For High End Storage
    • Big Blue Readies Power10 And IBM i 7.5 Training for Partners
    • IBM Delivers More Out-of-the-Box Security with IBM i 7.5
    • Groundhog Day For Malware
    • IBM i Community Reacts to IBM i 7.5
    • Four Hundred Monitor, May 11
    • IBM i PTF Guide, Volume 24, Number 19

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2022 IT Jungle

    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.