Browser Attacks Replacing Virus Threats

    June 15, 2005
    WebProNews Staff

Criminal assaults on users online continue to grow, as thieves attempt to exploit browser vulnerabilities.

In a study of nearly 500 organizations, more than half experienced some form of browser-based attack. 56.6 percent of those responding to the CompTIA study reported at least one such occurrence.

Last year the figure was 36.8 percent, and the year before that was 25 percent of respondents to the CompTIA Study on IT Security and the Workforce.

Phishing attacks increased to affecting about a quarter of respondents. These attacks use bogus e-mails to scam people into turning over personal information like credit card and Social Security numbers.

But the study still shows viruses and worms are the number one threat to enterprises. Two-thirds of respondents reported experiencing a virus infection. And worms and viruses have shown a trend where hackers modify them to make them more intrusive against security measures.

“Though security software has become increasingly more advanced in its ability to detect threats to networks, applications and operating systems, hackers are sophisticated enough to reverse engineer patches and launch counter-offensives to vulnerable systems within 48 hours,” said Brian McCarthy, chief operating officer, CompTIA.

The Mytob worm that has been circulating recently is one example. Observations by security consultant Carole Theriault at Sophos claim ongoing work on that worm may cause it to become a super-worm.

Another rising threat, called pharming, has been seen as well. A bogus web site is created by scammers to emulate a legitimate site, such as a bank. The pharming site collects personal information as users enter it and passes it along to the criminals.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.