• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Phishing, Zero-Days Top Symantec’s Security List

    December 11, 2006 Alex Woodie

    Symantec last week issued an end-of-the-year report on the state of IT security, and the findings may surprise you–or they may not, depending on how closely you’ve followed the security goings-on during the last 12 months. In any case, if one had to pick the two most important security trends for 2006, it would be tough to beat the meteoric rise of phishing and zero-day exploits.

    Phishing, an activity engaged in by criminals to perpetrate identity theft and the financial misdeeds that inevitably follow, increased dramatically in the first half of 2006, when Symantec detected close to 900 unique phishing messages a day, an increase from nearly 500 per day over the previous six month period, the security software giant says.

    A closer analysis of phishing trends reveals that phishing e-mails dip on the weekends and rebound on–of all days–Tuesdays, which Symantec took to suggest that phishers operate during standard work days (although it would be a stretch to consider them working Joes like you and me).

    A quick glance at your unprotected inbox will also confirm Symantec’s finding that nine of the top 10 phished brands were financial institutions. (News bulletin: if you don’t have a Washington Mutual checking account, don’t follow the links to change your password.) What’s more, seven out of 10 spoofed brands that Symantec observed are based in the U.S., while the great state of Florida led the way among the most spoofed local brands, Symantec says.

    The other major security trend involves zero-day exploits, the phenomenon you get when black hat hackers and other techno ne’er-do-wells blindside the computer-using community by launching attacks or releasing attack code blueprints on the Web on the same day on which that vulnerability is first publicly revealed to the owner of the vulnerable product (usually Microsoft), and suckers like you and me.

    Symantec noted several high-profile zero-day attacks, including the Windows WMF vulnerability in late 2005 and early 2006, and several other attacks on Office products in May 2006. But Microsoft isn’t the only target; a Japanese word processing product called Ichitaro was hit with two zero-day exploits, Symantec notes.

    The prognosis for zero-day attacks is not good, and the situation will likely get worse before it gets better. According to Symantec, the average time it took developers to come up with a patch for a security hole was 31 days for the first half of this year. However, the average time for hackers to develop exploit code was three days, leaving, on average, a 28-day window of exposure, Symantec says.

    Also included in Symantec’s report was rootkit technology, a hard-to-detect way of comprising a computer system, which quickly emerged in 2005, but hasn’t made many headlines in 2006. Despite the lack of press, Symantec says the use of rootkits–in particular user-mode rootkits, but also kernel-mode rootkits–has grown over the last 12 months, to the point where it is now common.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 15, Number 49 -- December 11, 2006

    Sponsored by
    Raz-Lee Security

    Raz-Lee Security is the leader in security and compliance solutions that guard business-critical information on IBM i servers. We are committed to providing the best and most comprehensive solutions for compliance, auditing, and protection from threats and ransomware. We have developed cutting-edge solutions that have revolutionized analysis and fortification of IBM i servers.

    Raz-Lee’s flagship iSecurity suite of products is comprised of solutions that help your company safeguard and monitor valuable information assets against intrusions. Our state-of-the-art products protect your files and databases from both theft and extortion attacks. Our technology provides visibility into how users access data and applications, and uses sophisticated user tracking and classification to detect and block cyberattacks, unauthorized users and malicious insiders.

    With over 35 years of exclusive IBM i security focus, Raz-Lee has achieved outstanding development capabilities and expertise. We work hard to help your company achieve the highest security and regulatory compliance.

    Key Products:

    • AUDIT
    • FIREWALL
    • ANTIVIRUS
    • ANTI-RANSOMWARE
    • MULTI-FACTOR AUTHENTICATION
    • AP-JOURNAL
    • DB-GATE
    • FILESCOPE
    • COMPLIANCE MANAGER
    • FIELD ENCRYPTION

    Learn about iSecurity Products at https://www.razlee.com/isecurity-products/

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Quick and Dirty Ways to Find Job Gone Wild Stuff I Didn’t Publish This Year

    Leave a Reply Cancel reply

TFH Volume: 15 Issue: 49

This Issue Sponsored By

    Table of Contents

    • Azul Systems Revamps Compute Appliances with 48-Core Vega2 Chip
    • Forrester Predicts IT Spending Slowdown in 2007
    • The Business Case for the System iWant
    • Evans Data Cases Programming Language Popularity
    • Rocket Software Inks Deal to Buy Seagull Software
    • Lotus SameTime Connects With Major IM Communities
    • Saving the System i: Fight Pervasive with Pervasive
    • Q4bis Teams Up with SM Consulting for Business Intelligence
    • As I See It: Sweating the Little Stuff
    • Phishing, Zero-Days Top Symantec’s Security List

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • N2i Gains Traction Among IBM i Newbies
    • Realizing The Promise Of Cross Platform Development With VS Code
    • 2023 IBM i Predictions, Part 3
    • Four Hundred Monitor, January 25
    • Join The 2023 IBM i Marketplace Survey Webinar Tomorrow
    • It Is Time To Have A Group Chat About AI
    • 2023 IBM i Predictions, Part 2
    • Multiple Vulnerabilities Pop Up In Navigator For i
    • Participate In The 2023 IBM i Marketplace Survey Discussion
    • IBM i PTF Guide, Volume 25, Number 4

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2022 IT Jungle

    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.