June hack tops so far for 2004


While mass mailers continue to plague corporations and spyware is the big evil for consumers, the most serious threat in the first half of the year was the Download.Ject/Scob attack, which exploited still-unpatched vulnerabilities in Microsoft's Internet Explorer, McAfee said.

McAfee's virus research and response team -- dubbed AVERT -- ranked the Top 10 threats for the first six months of 2004, and put Download.Ject/Scob, a Trojan horse that infected IE users' machines in a brief attack in late June, in the number one spot.

"At the time, [Download.Ject/Scob] seemed kind of minor, but once it got into networks, the impact was huge," said Brian Mann, the outbreak manager for AVERT, in defending the ranking.

AVERT also rated it top beast, said Mann, as a kind of placeholder for the high number of attacks that use HTML code to move malicious code onto users' machines, as well as a way to spotlight the increasingly dangerous trend of behind-the-scenes attacks.

In the case of the Download.Ject/Scob Trojan, users were infected when they visited compromised servers running Microsoft's Internet Information Services (IIS) software; vulnerabilities in their IE browsers allowed the Trojan to open a backdoor and steal confidential information, all without the users' knowing anything was afoot.

Number two on the hot list was VBS/Psyme, another Trojan that exploited a vulnerability in Internet Explorer.

"The amount of different malware that uses these tactics is phenomenal," said Mann.

To come up with its Top 10 list, McAfee tallied the usual virus submissions by its clients, but also integrated factors such as customer impact -- based on conversations with enterprises that use its anti-virus and security software -- and whether the attacks exploit an unpatched vulnerability.

Three of the Top 10 are variations of the Netsky worm, which leaped to prominence early this year as it engaged in a tit-for-tat exchange with rival Bagle.

"The war between the Bagle and Netsky authors caused a tremendous increase in the number of virus attacks seen this year," said Mann. The four worms on the list were the three Netsky variants (Netsky.d, Netsky.p, and Netsky.q) and the original MyDoom.

Four of the Top 10 spots in McAfee's list were occupied by various adware/spyware threats, proof that this security risk category is serious, and not just a danger to consumers.

"Spyware is most definitely a problem for enterprises," said Mann. There the biggest concern is over possible loss of critical and confidential data, Mann continued. "They're worried about what spyware is delivering, what it's doing to their systems."

The rise in spyware's seriousness -- 60 percent of the malicious threats McAfee tracked during the first half of the year were what it dubbed "Potentially Unwanted Programs" (PUPs), which include spyware -- is due to a number of factors, including better hacker technology, more virulent spyware, and devious tactics such as programs that automatically replace one uninstalled piece of spyware with another.

Overall, McAfee saw a continued increase in the number of security threats, and a dramatic climb in those it found worthy of watching.

It counted a 20 percent increase in threats during the first half of 2004 compared to 2003, and had tagged more threats as "Medium" or higher during 2004's first quarter than it did in all of 2003.

"I've seen it from both the support side and the research side," said Mann, "and the increase of high-risk threats is just incredible."
