Phishing, Malware Declining?

Recent reports find attacks may be lessening, but experts agree that phishing and malicious code are still urgent problems.

A trio of reports from security vendors and industry groups that monitor malicious code suggests that recent plagues such as phishing attacks and spyware may be abating.

Reports released last week from managed e-mail security vendor Postini Inc. and the Anti-Phishing Working Group, or APWG, show that the volume of phishing e-mail messages and the number of phishing Web sites have leveled off or declined in recent months.

In addition, a first-ever State of Spyware report from Webroot Software Inc. found that adware and system-monitoring software installations declined in the first quarter of the year.

In its report, Postini, of Redwood City, Calif., said that phishing attempts decreased 45 percent between March and April and that virus-infected e-mail declined by 30 percent during the same period.

The Postini report came just days after the APWG industry association released its report for March, which showed that reports of phishing e-mail rose by just 2 percent, continuing a two-month trend of slower growth.

Webroot, which tracks installations of spyware, said infections declined by 2 percent overall from the previous quarter, with more precipitous drops in some categories. For example, installations of system monitors, such as key-logging programs, on consumer PCs fell by 60 percent between the fourth quarter of last year and this years first quarter.

However, phishing attacks and malicious code are still urgent problems, experts agree.

Webroot still finds some kind of spyware on 88 percent of all the machines it scans, whereas Postini stopped more than 9 million phishing e-mail messages last month alone.

"The problem is at the same level or worse than it has been in the past," said C. David Moll, CEO of Webroot, in Boulder, Colo.

Consumers and companies may have more awareness of key loggers and Trojan horse programs now, but there is still a thriving economy supporting those who create spyware and send out spam, Moll said.

Consumers may also be desensitized to problems such as phishing and may have stopped reporting phishing scams to authorities and industry groups, said Peter Cassidy, secretary general of the APWG.

More widespread use of malware detection software and proposed state and federal legislation that define spyware could make it harder for spyware vendors to distribute their wares, Moll and Cassidy said.

Legal action, such as New York Attorney General Eliot Spitzers recent lawsuit against Intermix Media Inc., an alleged spyware vendor, is another new front in the war against domestic spyware companies, according to Moll.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.