Computer Crime Research Center


Hackers: more phishing, mobile viruses

Date: April 27, 2005

McAfee, Inc., the leader in Intrusion Prevention and Risk Management solutions, today announced the most commonly reported malicious threats and potentially unwanted programs (PUPs) affecting enterprises and consumers in the first quarter of 2005, identified by McAfee AVERT, the company's Anti-virus and Vulnerability Emergency Response Team.

McAfee AVERT reports that mobile viruses, Phishing, and exploited vulnerabilities are quickly becoming the predominant threats affecting consumers and enterprises alike, and noted a steady increase in Trojans and 'BOTs while mass mailer viruses taper off. Additionally, McAfee AVERT has translated the common trends for the quarter into an outlook on the remainder of the year.

"Although we saw a steady decline in the rate of viruses produced from 2000 to 2004, down to a 5% year over year growth, we've seen a 20% increase of malware-related threats between 2004 and 2005 and anticipate that these numbers will stay at the higher rate of growth for the immediate future," stated Vincent Gullotto, vice president of McAfee AVERT. "In the first quarter of 2005, the rise in unwanted programs has greatly surpassed what was noted in the first quarter of 2004."

The top ten malicious threats in Q1 are listed alphabetically and identified by the AVERT name schema: Exploit-ByteVerify, Exploit-HelpZonePass, Exploit-MhtRedir, JS/Noclose, StartPage, VBS/Psyme, W32/Mytob, W32/Sdbot (family including sdbot, gaobot, polybot, spybot). In addition, McAfee AVERT also notes that mass-mailers, including those from the Bagle, Netsky and Mydoom families, are widely reported.

McAfee continues to expand its vulnerability and exploit analysis into 2005. Vulnerabilities discovered in Q1 2005 totaled more than 1,000. This is roughly 6% more than in Q1 2004. AVERT has logged more than 200,000 reports of various exploits attacking various vulnerabilities.

Though software developers are becoming increasingly adept at recognizing and fixing these vulnerabilities, hackers and virus writers are focusing their efforts on reported vulnerabilities and capitalizing on machines that have not been patched or updated. AVERT estimates that approximately 50% or more of the machines on the Internet today are not properly patched to stop these exploits.
This quarter, AVERT has made a distinction between threats that are malicious and threats that are not malicious.

The non-malicious threats are commonly referred to as potentially unwanted programs in an enterprise or consumer environment, however users have requested that McAfee continue to detect these programs. The following, while not malicious, are the most commonly reported potentially unwanted programs (PUPs) identified by McAfee technology and reported by customers to AVERT. The following PUPs are listed alphabetically: Adware-BB, Adware-DFC, Adware-Gator, Adware-Rblast, Adware-180 SearchAssist, Adware-Searchcentrix, Downloader-KL, Downloader-UI, IPSentry.

McAfee AVERT is focused on several key areas and expects them to increase over the remainder of 2005.

PUPS Continue to Climb: Data gathered from the more than 5 million plus VirusScan On-line users show that 1.5 million of those systems reported the presence of adware. Of those reported, each machine had an average of 3 different adware programs installed.

Phishing and Identity Theft is a Rising Concern: Phishing became a major concern in 2004 and continues to be a concern in 2005. Many of the attacks have become increasingly targeted, where they use Spyware programs and password stealers targeting specific banks. The Anti-Phishing Working Group, an industry association that McAfee recently joined to help fight identity theft and fraud, reported 2625 active Phishing sites for the month of February.

This number is up by 50% from the last report published in December of 2004. AVERT has seen an increase in the number of Phishing attempts for this same period. That growth has seen an average increase of 25% per month.

Mobile Viruses Surface as a Serious Threat: Over the last few years AVERT has seen proof-of-concept of viruses, Trojans and worms on several mobile platforms. At the same time unsolicited commercial messaging commonly observed in the Internet space is starting to appear on mobile networks in growing numbers and complexity. The use of smart phone technology has played a very important role in the transitional phase from multifunction semi-stationary PC to palm sized targeted functionality "wearable" devices, and therefore with increased connectivity of smart phones AVERT expects a transition to converged devices. There has been a very dramatic increase in Symbian malware targeting smart phones and mobile phones from 2004 Q4 to today. AVERT researchers tracked 5 in Q4 and now there are as many as 50 mobile malware threats in the wild.

AVERT Recommendations
In an effort to address the above threats and malicious programs, McAfee AVERT recommends both enterprises and consumers constantly stay updated with the latest DATs, install the latest patches, employ current spam filters and implement a multi-layered approach to detecting and blocking attacks. For more information and solutions that can help enterprises and consumers ensure constant security protection, please visit

McAfee AVERT Labs is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in fourteen countries on five continents. McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee® IntruShield®, McAfee® Entercept® and McAfee® Foundstone® Professional Services organizations. McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2010-01-13 03:59:05 - i love to join the hackers company. chiboy_pat
2005-07-31 15:49:18 - sehr gut Saite. Was machen Sie mein... Hans Millard
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo