• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Phishing, Zero-Days Top Symantec’s Security List

    December 11, 2006 Alex Woodie

    Symantec last week issued an end-of-the-year report on the state of IT security, and the findings may surprise you–or they may not, depending on how closely you’ve followed the security goings-on during the last 12 months. In any case, if one had to pick the two most important security trends for 2006, it would be tough to beat the meteoric rise of phishing and zero-day exploits.

    Phishing, an activity engaged in by criminals to perpetrate identity theft and the financial misdeeds that inevitably follow, increased dramatically in the first half of 2006, when Symantec detected close to 900 unique phishing messages a day, an increase from nearly 500 per day over the previous six month period, the security software giant says.

    A closer analysis of phishing trends reveals that phishing e-mails dip on the weekends and rebound on–of all days–Tuesdays, which Symantec took to suggest that phishers operate during standard work days (although it would be a stretch to consider them working Joes like you and me).

    A quick glance at your unprotected inbox will also confirm Symantec’s finding that nine of the top 10 phished brands were financial institutions. (News bulletin: if you don’t have a Washington Mutual checking account, don’t follow the links to change your password.) What’s more, seven out of 10 spoofed brands that Symantec observed are based in the U.S., while the great state of Florida led the way among the most spoofed local brands, Symantec says.

    The other major security trend involves zero-day exploits, the phenomenon you get when black hat hackers and other techno ne’er-do-wells blindside the computer-using community by launching attacks or releasing attack code blueprints on the Web on the same day on which that vulnerability is first publicly revealed to the owner of the vulnerable product (usually Microsoft), and suckers like you and me.

    Symantec noted several high-profile zero-day attacks, including the Windows WMF vulnerability in late 2005 and early 2006, and several other attacks on Office products in May 2006. But Microsoft isn’t the only target; a Japanese word processing product called Ichitaro was hit with two zero-day exploits, Symantec notes.

    The prognosis for zero-day attacks is not good, and the situation will likely get worse before it gets better. According to Symantec, the average time it took developers to come up with a patch for a security hole was 31 days for the first half of this year. However, the average time for hackers to develop exploit code was three days, leaving, on average, a 28-day window of exposure, Symantec says.

    Also included in Symantec’s report was rootkit technology, a hard-to-detect way of comprising a computer system, which quickly emerged in 2005, but hasn’t made many headlines in 2006. Despite the lack of press, Symantec says the use of rootkits–in particular user-mode rootkits, but also kernel-mode rootkits–has grown over the last 12 months, to the point where it is now common.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 15, Number 49 -- December 11, 2006

    Sponsored by
    LaserVault

    Integrate Virtual Tape For Better Backups, Faster Recovery, And More Flexibility

    Virtual tape and virtual tape libraries offer a way to both simplify and strengthen backup and recovery operations. By incorporating virtual tape technology, automation of backups becomes possible resulting in hundreds of hours saved annually for IT departments and personnel.

    LaserVault ViTL is a virtual tape and tape library solution developed specifically for use with IBM Power Systems (from AS/400 to iSeries to Power 9s). See a demo and get a $50 gift card.

    With ViTL you can:

    • Replace physical tape and tape libraries and associated delays
    • Automate backup operations, including the ability to purge or archive backups
    • Remotely manage your backups – no need to be onsite with your server
    • Save backups to a dedupe appliance and the cloud
    • Recover your data at lightspeed greatly improving your ability to recover from cyberattacks
    • And so much more

    “The ViTL tapeless solution has truly made my job easier. It has given me more confidence in our full system recovery ability – but at the same time I hope it is never needed.” IBM i Administrator at a financial services company

    Sign-up now to see a ViTL online demo and get a $50 Amazon e-gift card when the demo is complete as our way of saying thanks for your time. Plus when you sign-up you’ll receive a free facts comparison sheet on using virtual tape vs tape so you can compare the functionality for yourself.

    LaserVault.com

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Quick and Dirty Ways to Find Job Gone Wild Stuff I Didn’t Publish This Year

    Leave a Reply Cancel reply

TFH Volume: 15 Issue: 49

This Issue Sponsored By

    Table of Contents

    • Azul Systems Revamps Compute Appliances with 48-Core Vega2 Chip
    • Forrester Predicts IT Spending Slowdown in 2007
    • The Business Case for the System iWant
    • Evans Data Cases Programming Language Popularity
    • Rocket Software Inks Deal to Buy Seagull Software
    • Lotus SameTime Connects With Major IM Communities
    • Saving the System i: Fight Pervasive with Pervasive
    • Q4bis Teams Up with SM Consulting for Business Intelligence
    • As I See It: Sweating the Little Stuff
    • Phishing, Zero-Days Top Symantec’s Security List

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • COMMON Set for First Annual Conference in Three Years
    • API Operations Management for Safe, Powerful, and High Performance APIs
    • What’s New in IBM i Services and Networking
    • Four Hundred Monitor, May 18
    • IBM i PTF Guide, Volume 24, Number 20
    • IBM i 7.3 TR12: The Non-TR Tech Refresh
    • IBM i Integration Elevates Operational Query and Analytics
    • Simplified IBM i Stack Bundling Ahead Of Subscription Pricing
    • More Price Hikes From IBM, Now For High End Storage
    • Big Blue Readies Power10 And IBM i 7.5 Training for Partners

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2022 IT Jungle

    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.