Top Threats for Q2 2005 Include Money Making Schemes and a Rise in BOTS and Spyware

BOTS, adware and spyware continue to be major concerns for consumers and enterprises around the globe, according to McAfee AVERT, the company's Anti-virus and Vulnerability Emergency Response Team. ADVERT saw a 12 percent increase in the number of new potentially unwanted programs (PUPs) created in Q2 2005 from Q1 2005.

BOTS in particular continue to plague enterprise companies and home users because of their ability to inconspicuously take over a user's computer and remain hidden while they launch their malicious attacks. McAfee AVERT has seen an obvious increase in attempted machine hijackings.

"In just the first and second quarters of 2005, the number of exploited machines using backdoor techniques has increased over 63 percent from the total at the end of 2004," stated Vincent Gullotto, vice president of McAfee AVERT. "This often resulted in spyware and adware being downloaded onto affected systems. Thus spyware has continued to be a major problem. There are four anti-spyware bills working their way through Congress to help tackle this growing problem, but we believe the problem is only going to get worse. Consumers and enterprises are becoming more and more aware of the need for various security technologies to protect their machines and networks."

Major Threats for Q2, 2005
The top malicious threats in Q2 are listed alphabetically and identified by the McAfee AVERT name schema:

• Exploit-Byteverify
• W32/Mydoom.BG@MM
• W32/Mytob.gen@MM
• W32/Netsky.q@MM

In addition, there was an increase in Bagle downloaders, which in some cases released as many as eight variants in the duration of a few hours. McAfee Inc. continued to expand its vulnerability and exploit analysis into Q2 of 2005. Once again the vulnerabilities reported in Q2 of 2005 exceeded 1,000 on various platforms. This is roughly 5 percent greater than those reported in Q2 of 2004.

Top BOTs for Q2, 2005
The number of BOT-related cases increased by 303 percent from Q1 to Q2 2005 (from just over 3000 cases to just under 13000). BOT families that account for this increase include:

• Gaobots
• Mytobs
• Polybots
• Sdbots

Top Potentially Unwanted Programs for Q2, 2005
The following, while not malicious threats, are the most commonly PUPs identified by McAfee technology and reported by customers to AVERT. The following PUPs are listed alphabetically:

• Adware-180Solutions
• Adware-abetterintrnt
• Adware-BB
• adware-dfc
• Adware-GAIN
• Adware-ISTbar.b
• Adware-RBlast.dldr
• Downloader-kl
• IPSentry
• RemoteSpy

Adware and Spyware
Adware has become a major concern for both consumers and enterprises and continues to rise. McAfee AVERT saw a 12 percent increase in the number of new PUPs created in Q2 2005 from Q1 2005. Continuing a recent trend, several Mytob variants dropped hundreds of adware files, including components of Adware-180Solutions, Adware-BB, Adware-DFC, Adware-ISTbar, Adware-Sidefind, Adware-ExactSearch, Adware-abetterintrnt and Adware-SAHAgent.

In addition to new emerging and more harmful threats, McAfee also noticed an increase in money making cyber crime schemes. According to a recent Gartner report, threats are moving toward databases, allowing hackers to gain complete control over a network or a personal computer. In turn, this allows the hacker to hijack confidential and personal information for ransom. The McAfee Virtual Criminology Report: North American Study into Organized Crime and the Internet report released June 5 of this year suggests that there is a new hierarchy of cybercriminals, and that each level, from amateur to professional, has different tactics and motives.

The most interesting development in recent years is cyber gangs, who sit at the top of this cybercrime chain. These advanced groups of career criminals and hackers agree to cooperate, plan and execute long-term attack strategies that are of little interest to the socially-motivated hacker or script kiddy. With the increasing sophistication of cybercrime, from phishing to social engineering and Internet scams, the report raises awareness of how organized

• • • crime and cybercrime are developing and how businesses and individuals can protect themselves against criminal activity.
      
      Mobile Viruses Remain a Growing Threat
      Researchers discovered a technique for compromising Bluetooth authentication protocol and potentially gaining control of Bluetooth-enabled mobile phones, even when the handsets have security features switched on. The technique allows an attacker with specialized equipment to connect to a Bluetooth handset without authorization. Once the connection is established, the attacker could potentially gain access to resources of the handset to make calls on the target's handset, siphon off data, or access data services via compromised handset.
      
      AVERT Recommendations
      In an effort to address the above threats and malicious programs, McAfee AVERT recommends both enterprises and consumers constantly stay updated with the latest DATs, install the latest patches, employ current spam filters and implement a multi-layered approach to detecting and blocking attacks.