News

Malware threats double in 2008, McAfee finds

Liz Warren

Nearly as many unique malware threats have been created in the first half of 2008 as in the whole of last year, according to researchers at McAfee's Avert labs.

McAfee has detected almost 250,000 new threats so far this year. It attributes the growth in activity to the availability of point-and-click tools that allow people without technical skills to quickly create multiple variants of new malware such as trojans and bots.

Since mid-February, hackers have been focusing on "surf-by" attacks. Here, hackers add iframes to legitimate sites that covertly download malware to users browsing the site. Criminals have begun offering to pay others to carry out attacks, said Toralv Dirro, security strategist at McAfee Avert Labs.

Malware developers are also tapping into small payment services for mobile phones by fraudulently signing users up for downloads. "Taking just a small amount - 10 euros - from thousands of users will net a significant income," says Dirro. "We are also seeing an increasing number of attacks on 'virtual value' in online gaming environments."

In general, malware developers are moving away from attacking primary targets such as such as banks that have well protected sites. Instead, they are using secondary targets such as social networking sites, as a precursor to "spear phishing": faking e-mails using details picked up from social networking sites so that they convincingly appear to be from people in the victim's social network.

Dirro says McAfee is seeing a rise in malware targeted at Vista, but has yet to see an expected rise in threats exploiting vulnerabilities in IM and VoIP, despite extensive discussion of the potential for malware in these environments in the security community.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy