Unpatched machines 'Net's biggest threat'

Unpatched computers continue to represent the IT world's biggest security problem, keeping threats that target software vulnerabilities at the top of McAfee's latest industry analysis.

In its report covering security threats during the first quarter, McAfee's Anti-virus and Vulnerability Emergency Response Team (AVERT) said Monday that more than 1,000 new attacks aimed at software vulnerabilities emerged in the first three months of this year. The total amounts to a roughly 6 percent increase, compared with the same period last year. McAfee also noted that it received word of more than 200,000 vulnerability-oriented attacks during the first quarter.

McAfee said that while software makers have improved their ability to respond to vulnerabilities as the flaws are discovered, it found that at least 50 percent of computers connected to the Internet remain improperly protected by product updates or patches.

Vincent Gullotto, vice-president of AVERT, said that malicious-code writers are finding ways to make a buck off unprotected PCs, which is driving greater numbers of vulnerability-based attacks.

"At least three of the eight-to-10 most malicious pieces of code out there were vulnerability-related with some form of [user] redirect going on, which is getting big because of that sort of attack's ability to make money," Gullotto said. "People are finding a way to gain access to control a machine, or group of machines, through a variety of ways, and to then use those computers to spam or steal."

And in addition to more traditional vulnerability hacks, through which people might try to steal items like valuable corporate data, McAfee said that criminals are getting more sophisticated with the sort of schemes they devise. In one trend particularly popular in Brazil, criminals have taken to stealing data to create fraudulent bank cards and helping themselves to people's bank accounts.

Gullotto said the high incidence of attacks aimed at directly generating money also indicates a greater likelihood that organised crime has begun to influence the hacking community. But even script kiddies may be helping to power these attacks, he said.

"We believe the [professional hackers and script kiddies] are split even farther apart than before, but some of the really high-level people creating complicated malware code to make money may also pass or sell it to the script kiddies," Gullotto said. "We've seen that kind of thing for a time, but the money element is involved, which could help this whole process better sustain itself."

While the volume of mass-mailing viruses actively tracked by McAfee continued to decline in the first quarter, as they have over the last year, AVERT said the Bagle, Netsky and MyDoom threats were the most popular attacks reported during the first three months of 2005.

Security reports regarding adware applications also grew during the first quarter, according to the report. Of the 5 million customers using McAfee's software products, AVERT found that 1.5 million of them reported adware present on their systems, with each machine harbouring an average of three different kinds of the hidden programs.

Phishing attacks, a form of online threat aimed at stealing personal data for criminal use or identity theft, continued to increase rapidly during the first quarter, the report said. According to AVERT's research, the frequency of phishing attacks is growing by 25 percent per month — evidence of a higher level of sophistication.

Reports of viruses crafted to attack mobile devices have also increased dramatically, according to AVERT. While such attacks are not yet a major threat to end users, the researchers tracked a jump in the number of malicious programs targeting smartphones and mobile phones during the first quarter, specifically those running on the Symbian operating system. In the fourth quarter of 2004, AVERT was following only five different strains of Symbian-related viruses, whereas now it is reporting on 50 versions of the threat.