Spam, E-mail Viruses Increase; OS Security Vulnerabilities Decline

Internet Security Systems (ISS) and MessageLabs released a synopsis of 2006 security trends Thursday, with both companies revealing a marked increase in spam throughout the year.

ISS found a 100 percent year-on-year increase in spam. From December 2006 through January 2007, MessageLabs found a 1.5 percent increase in spam globally.

In January, spam totaled 75.8 percent of all e-mails captured by MessageLabs’ traffic management.

In Australia, spam levels increased 0.1 percent in January, according to the MessageLabs 2007 intelligence report.

The report also found that the number of viruses hidden in e-mail traffic had increased 0.08 percent since last month, accounting for one in 119.9 e-mails, and issued a stern warning about the new wave of refined Trojan code called Rustock.

"It is now believed that the suspected Russian criminals responsible for last year’s Trojan, SpamThru, have been updating their botnets to another Trojan bot called Rustock," the report said.

"Rustock allows spammers to send out image spam, which is more difficult for traditional antispam software to accurately identify.

"Finally, 80.2 percent of Web viruses intercepted were from uncategorized sites suggesting that they were being used for domain kiting and other disreputable purposes to host phishing and spam sites."

The ISS 2006 security statistics report identified advances in image spam technology, operating system holes, and an increased hacker focus on Web browser vulnerabilities as the top concerns for 2007.

The ISS X Force research and development team has predicted new forms of image spam will be pervasive throughout 2007.

It will be specifically designed to evade capture, but IBM ISS director of security strategy, Gunter Ollmann, said the good news is the drop in high-impact vulnerabilities.

"In 2005, high-impact vulnerabilities accounted for about 28 percent of total vulnerabilities, while they only accounted for 18 percent in 2006," Ollmann said.

"The security industry has made great progress over the last year, but despite promising statistics such as this one, we predict that 2007 will require higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack."

According to X Force, there were 20 new vulnerabilities discovered daily in 2006, 88 percent of which could be exploited remotely, with more than half allowing attackers complete access after the vulnerability was exploited.

-Michael Crawford, Computerworld Australia

Copyright © 2007 IDG Communications, Inc.
