TheStorm
Wormprovides the model that nearly all
cybercriminals are using to exploit the internet and hide their
theft of millions of users' identities, according to areportfrom IBM.
Kris Lamb, operations manager of
X-Force research and development for IBM, said, "The Storm Worm
provides a microcosm of the kinds of threats users faced in 2007.
All in all, the exploits used to spread Storm Worm are a blend of
various threats including spam, phishing and drive-by-downloads by
way of web browser exploitation."
The report details "a disturbing rise in the sophistication of
attacks by criminals on web browsers worldwide". By attacking the
browsers of computer users, cybercriminals are now stealing the
identities and controlling the computers of consumers at a rate
never before seen on the internet, IBM said.
The study said a complex and sophisticated criminal economy had
developed to capitalise on web vulnerabilities. Underground brokers
are delivering tools to aid in obfuscation, or camouflaging attacks
on browsers, so cybercriminals can avoid detection by security
software, it said.
In 2006, few attackers employed camouflaging techniques, but
this soared to 80% during the first half of 2007, and nearly 100%
by year-end. The report predicts the criminal element will
contribute to a proliferation of attacks in 2008.
Storm techniques let cybercriminals infiltrate an unprotected
user's computer to steal their user IDs and passwords or personal
information like national identity numbers, social security numbers
and credit card information.
"When attackers invade an enterprise machine, they could steal
sensitive company information or use the compromised machine to
gain access to other corporate assets behind the firewall," IBM
said.
"Computer security professionals can claim some victories, such
as the drop in the amount of image-based spam, but attackers are
adapting their approaches," said Lamb.
The Storm worm was the most pervasive internet attack last year,
Lamb said. It continues to infect computers around the world
through a blend of threats that includes malware, spam and
phishing. Last year X-Force reported a 30% rise in the number of
malcode samples identified. The Storm Worm comprised around 13% of
the entire malcode set collected in 2007. Lamb said that for the
first time the amount of spam e-mails dropped to pre-2005
levels.
The new report also reveals that:
- The number of critical computer security vulnerabilities
disclosed increased by 28%.
- The overall number of vulnerabilities reported dropped for the
first time in 10 years.
- Only half the vulnerabilities disclosed last year could be
corrected with vendor patches.
- Nearly 90% of vulnerabilities disclosed in 2007 were
exploitable remotely.