Want some scary statistics for Halloween? In the first six months of 2005, the average number of “phishing” e-mails went from about 3 million to more than 5½ million, according to the Symantec, distributor and licensor, among other things, of firewall and virus protection software. Phishing, in case you’ve missed the news, is a scam which uses e-mail to spoof legitimate businesses such as banks and airlines, and attempts to entice you to enter personal data which can then be used by criminals. “Update your account” or “Your Security May Have Been Compromised and We Need You to Verify Your Password” are typical messages, often accompanied by logos and names that appear to be all too real.
Symantec also discovered 1,862 new software vulnerabilities, over the six month period—almost all moderate to high security threats and 60 percent were in Web-based applications. Symantec also found that the average number of denial-of-service attacks jumped from 119 to 927 a day during the first half of 2005. Why the increase? Personal computers are being overwhelmed with “bots”—penetrating vulnerabilities in personal computer software that allow the hackers—online criminals—to remotely control home computers. Not convinced? By monitoring customers and their networks the numbers of active bots more than doubled from 4,348 to 10,352 bot computers. The SANS Internet Storm Center, a not-for-profit organization that tracks hacking trends, detects an average of 260,000 bots each day that are out there looking for computers that are vulnerable to attack. No longer limited to “denial of service” attacks by triggering junk data to attack—and ultimately overwhelm—a legitimate website, these bots now are beginning to be used to generate SPAM and malicious code.