Spam, phishing attacks growing more sophisticated

Security researchers at MessageLabs and Symantec are reporting a significant rise in more sophisticated botnet and phishing attacks, putting a stranglehold on corporate communications.

Though botnets have caused a large volume of junk email in recent months, security researchers are more alarmed at the rise in their level of sophistication, warning that targeted phishing attacks are making their way into corporate email servers.

"They've reached a level of sophistication that we usually associate with commercial grade products," said Mark Sunner, chief security analyst at MessageLabs in New York. "We've seen the activity change and now botnets are spammed out in discrete chunks."

In November, spam grew to nearly 90% of all global email traffic, according to statistics kept by MessageLabs. That percentage is expected to hold in December. In addition, the vendor reported that 1 in 200 emails contained some type of phishing attack. MessageLabs said more than 68% of all malicious emails intercepted recently have been phishing attacks, a steady increase over the previous months.

Security researchers predict 2007 will be a year in which the level of sophisticated attacks grows to alarming levels. The bad guys are beginning to comb through social networking Web sites such as MySpace and others, said Sunner, and pull out addresses, zip codes and other identifying data to make a phishing email seem genuine to a victim.

"In some cases, it will be a bank they use and it is addressed to the victim so these attacks can be very successful," Sunner said. "The bad guys can plunder the databases of big social networking communities and make a successful run with spam."

Alfred Huger, senior director of engineering at Symantec Security Response, observes more than 7 million total phishing attempts each day.


"Raw phishing attacks have gone up significantly to more than 900 unique phishing attacks each day," Huger said.

Attackers, Huger said, are harvesting email addresses from people who live in the same geographical area. Victims are then sent a phishing email that appears to come from a bank or other financial institution in the area, he said. Moving into 2007, Huger predicts that phishing attacks will become even more targeted and harder to detect as fraudulent.

"The trust factor is high and people are more likely to fall prey to it, because they're not generally expecting their own bank to be more involved in it," Huger said.

Smishing – attacks using SMS – will also increase in 2007, as cell phones with email and other messaging features increase in use, Huger said.

"Our phones are now becoming mini computers and anything that can happen to us on our PC is likely to affect us on our phone," he said. "Some enterprises are starting to have well articulated policies about mobile device use while others have none. There's not a lot of middle ground."

Companies and consumers can take basic steps to fight back. Financial institutions are improving authentication features and are ramping up education efforts to help customers understand when their bank is legitimately contacting them, Huger said. Consumers can take action and help fight online fraud by submitting phishing sites to the Symantec Phish Report Network.

Rootkits on the rise

Attackers began using rootkit technology more widely in 2006, Huger said, and their use will continue to increase in 2007.

A rootkit is a collection of software tools that gives administrator-level access to a computer or network. Once a rootkit is installed, an attacker can remain hidden and can install spyware and other software that monitors keystrokes or alters log files. While Microsoft's launch of Vista may cut down some of the use of rootkits, their overall use will become standard in 2007. User-mode rootkit tactics are now commonplace; kernel-mode rootkits are also increasing in use, according to Symantec.

"A rootkit is a more powerful tool," Huger said. "We're seeing more of [them] because security products are becoming more powerful, and attackers have to up the ante."
