by Jay Wrolstad, newsfactor.com
Home computer users, most of whom don't take even rudimentary measures to protect their PCs, are increasingly finding themselves under attack by phishers and malware miscreants who are getting much better at their nefarious work.
That's the conclusion drawn in Symantec's latest security threat report.
Symantec found that home users now comprise 86 percent of all targeted attacks against computers, followed by businesses in the financial-services industry.
With hackers aiming at desktop applications and developing new, sophisticated tactics to avoid detection, scattershot Internet worms and viruses have given way to more focused assaults whose purpose is largely fraud and identity theft.
"Home users face a bigger threat since they do not have security [policies] put upon them," said Natalie Lambert, an analyst at Forrester Research. The security settings on corporate users' PCs are dictated by I.T. workers, she explained. But home users are left to their own devices and typically do a poor job managing their security, she said.
"Even after these home users install their software, they still have to keep it updated -- something most still have not mastered," she went on to say. "And since PCs are only as secure as their last update, home users will continue to be at risk."
Ignorance Not Bliss
Even as security companies are attempting to bolster PC defenses with traditional antivirus strategies, Symantec found that attackers are delivering their malicious code through zero-day security vulnerabilities in e-mail applications and Web browsers.
Web browser flaws represented 69 percent of all vulnerabilities documented by Symantec in the first half of 2006, with 47 vulnerabilities documented in Mozilla browsers (up from 17 in the last reporting period), 38 in Microsoft Internet Explorer (compared to 25), and 12 in Apple Safari (compared to six).
Additionally, phishers are learning to bypass spam-filtering technologies, the Symantec report noted. Most phishers have gotten wise to new spam- and virus-fighting technologies and now exclude malicious code from their mass mailings to enhance the chances of making it into the inboxes of unsuspecting users. Instead, they now simply include links to Web sites hosting the malicious code.
Also of note in the report is the fact that Symantec identified some
4.6 million active zombie computers under the control of hackers and the period. These zombie machines are used not only to level denial-of-service attacks at Web sites who refuse to pony up ransom money, but also to spread malicious code through spam messages.Financial gain remains the motivation behind many of these threats, Symanted reported.
Future Bleak
Yankee Group analyst Jonathan Singer suggested that the proliferation of spam engines and botnets can be attributed to the successes hackers have experienced thus far. "It's a lot easier to go after an unsuspecting user than try to break into a enterprise network," he said.
Even those users with antispyware installed on their machines remain susceptible to phishing attacks that use social-engineering tricks to trick people into providing their sensitive financial information on bogus Web sites, Singer said.
Both he and Lambert said common sense can go a long way toward thwarting these attacks. "You should always be wary of suspicious e-mails, and always type in the URL of a bank or other site rather than clicking on a link provided in a message," said Singer.
The best way you can protect yourself is to keep your system patched, update your security software, and not open suspicious attachments, Lambert said. She also advised installing a security suite that consists of firewall and antispyware software, in addition to antivirus capabilities.
The Symantec report said that, in the future, the present situation is likely to worsen, with more threats designed to exploit personal software and Microsoft's forthcoming Windows Vista operating system.
Copyright 2006 NewsFactor Network, Inc.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at