2007: a year of sophisticated web threats

This year has seen even moresophisticated and targeted web attackscome of age, says theMessageLabs Intelligence 2007 Annual Security Report.

The web security firm says 2007 has been a year of diversity, because of the vast number of new tactics, techniques and trojans entering the security market during the last 12 months.

Spam retains the title of "dominant menace" with annual spam levels reaching 84.6% of messages sent. But rather than just playing the volume game, the spammers also introduced an additional 10% of new and previously unknown spam attacks from 2006.

The notorious Storm botnet, which appeared early in 2007, is likely to take some credit for the increased innovation, said MessageLabs, especially through its distribution of 15 million e-mails, with MP3 attachments, new to the market in October.

"With consumers handing cyber criminals their personal details through social networking sites and the Storm botnet literally taking the market by storm, it has been an attention-grabbing 12 months," said Mark Sunner, chief security analyst at MessageLabs.

"Although targeted attacks seem to be high on the threat agenda, the war between businesses and the bad guys significantly heightened in 2007, as new threats appeared from every angle and on every communications channel. If 2008 is as frenzied as this year, businesses need to prepare for battle and ensure they have their protection in place," he said.

As the year progressed, so did the variety in file attachments being used as well as the transition to using malicious links, which are able to travel under the radar of signature based anti-virus technology and provoking less suspicion from the e-mail recipients.

At the beginning of the year, only 3% of e-mail-borne viruses contained malicious links, said MessageLabs. However, by December, 25% of e-mails had a vicious link.

The trend towards malicious links demonstrates how virus writers are becoming increasingly sophisticated in the malware they create in order to avoid detection and increase their chances of penetrating a vulnerable system, said MessageLabs.

This year also saw the emergence of threats targeting the fast growing and vulnerable area of social networking. Web sites such as Facebook, Linked-In and Plaxo present rich-pickings to cyber criminals looking to gather personal information for use in identity theft or targeted attacks, says the report.