IT Security & Network Security News & Reviews - eWeek


IT Security & Network Security News & Reviews: Data Breaches, Hacker Turf Wars, Major Security Threats of 2011 First Half

By Fahmida Y. Rashid on 2011-07-25


Back in December, eWEEK asked security experts to read the tea leaves and predict what 2011 would be like in the field of Internet security. No one expected 2011 to be the year of the data breach, but they correctly predicted the emergence of 64-bit malware and that the industry would increasingly collaborate with law enforcement to bust cyber-crime rings and shut down botnets. There were also signs of criminals fighting a turf war: for example, rival hacking groups trying to unmask members of Anonymous, and a TDL-4 rootkit that's designed to remove competing malware from infected computers, Derek Manky, senior threat analyst at Fortinet's FortiGuard Labs, told eWEEK. Attackers are adopting better programming practices, including reusing portions of successful malware source code when developing new malware. Cyber-crime remains lucrative, as evidenced by the fact that recruitment is up, Manky said.

Several security companies have recently released their midyear reports summarizing some of the Internet threat trends from the first six months of 2011. eWEEK pored over the reports, and here are some of the significant insights from M86, Secunia and BlueCoat.


Biggest Threats: Unpatched Software

Malware targeting Microsoft, Adobe and Java applications continued to be the biggest threats. Cyber-attackers weren't going after 0-days, as it was easier and just as lucrative to target unpatched programs using known (and fixed) vulnerabilities.

Facebook Attacks on the Rise

Grandparents aren't the only ones on Facebook. The criminals are, too. The number of Facebook-based scams soared, and they continue to be a serious threat, tricking users into clicking on titillating videos or applications. Facebook wasn't the only social networking site under attack; LinkedIn spam also increased.

Malicious Email on the Rise

Attackers are increasingly sending emails in combined attacks, such as spear phishing with HTML or PDF attachments that exploit unpatched software. Other types of malicious spam rely on good old social engineering to get users to hand over sensitive data.

Rare Good News: Less Spam

The efforts of Microsoft, the Justice Department and other security companies to shut down Rustock and Coreflood appear to be paying off, as global spam volumes seem to be down. While the amount of malicious spam hasn't changed, the overall spam volume is much less than it used to be.

Continued Use of Attack Kits

While Zeus may be one of the most well-known attack kits, it's not the most commonly used. That distinction goes to Neosploit, which dominated in the first half of 2011, followed by Phoenix and Blackhole.

Fake AV Becomes More Common

Attackers increasingly monetized their scams using fake antivirus software. Users were tricked into downloading malware, usually fake antivirus software, which couldn't be removed until they handed over their credit card details.

Criminals Use Antivirus, Too

Underground antivirus development and testing tools have also proliferated. Malware developers can now, for a small fee, check whether current antivirus programs from security vendors would be able to detect their malicious code.

Malvertising, Dynamic Link Attacks

More and more Web attacks are relying on malvertisements and other dynamic links to compromise legitimate Websites. Attackers don't need to hack into major Websites if they can inject malicious code into a URL or into an ad that links to the site.

Attackers Also Cutting Costs

Why increase costs when there are so many free or low-cost options available? Cyber-criminals increasingly registered free .co, .cc and similar Internet domains for their attack sites, used free hosting services and relied on free online storage services to host malware files.

U.S. Remains #1 Malware Host

While various vendors differed on the exact order, everyone agreed that the U.S. hosted the most malware. The other countries in the top five were China, Germany, the United Kingdom and the Russian Federation.
