CA Warns Of New Internet Threats Facing Home User In Mid-Year Internet Threat Outlook Report

CA, Inc. (NYSE: CA) today issued a report that warns of growing, more complex Internet threats facing home PC users-including targeted identity theft, emerging risks associated with online gaming, a doubling of malware exploits, and new software vulnerabilities.

The CA Mid-Year Internet Threat Outlook Report is based on data compiled by the CA Security Advisor Team, a global team of malware researchers. It outlines the impact that organized crime, evolving technology, and the ongoing efforts of malware authors on the safety and security of home PC use.

The exposure of home PC users continues to grow as the PC becomes the family communications and entertainment hub. The information contained in CA’s report is particularly important, since no computer, operating system, or software is completely invulnerable to the types of attacks that users can unwittingly expose themselves to.

“Everyone using the Internet should be aware of the nature and severity of online threats-especially gamers, social network users, seniors, tweens and their parents” said Brian Grayek, vice president of Threat Research for CA. “It’s especially important to teach younger users about protecting personal information and handling cyber-bullies, because-even though they may be more adept at using the Internet than their parents-they tend to be far less diligent about practicing safe online computing.”

Predictions from the CA 2007 Mid-Year Internet Threat Outlook include:

Stealing online gaming accounts will become as profitable as stealing bank accounts. Gamers are under siege. The second most common malware seen this year is designed to steal gaming passwords. Characters and virtual money are sold in underground web sites that rival legitimate commodity markets.
“Spear-phishing” will grow as identity theft surpasses record levels. Almost 3.25 million Americans discovered that their personal information has been used to open credit cards.* Phishers are shifting from pure opportunism to “spearing” specific individuals based on age, socio-economic status, etc.
Malware will increase by132% this year over last, with Trojans leading the pack. From January to June 2007, CA Security Advisor saw that 65% of the malware threats were trojans, 18% were worms, 4% were viruses, and 13% were other types of malware.
Mozilla Firefox will no longer be considered more secure than Microsoft Internet Explorer; and conventional wisdom that Apple Mac OS X is more secure than Microsoft Windows will crumble. Internet Explorer and Firefox are running neck-and-neck, with 52 and 53 vulnerabilities this year respectively, and will easily surpass the number of vulnerabilities reported last year. In the first half of this year, there were 51 reported vulnerabilities for Mac OS X, 29 for Windows XP and 19 for Windows Vista.
Cyber-criminals will increasingly use a “multi-step” approach to creating and distributing malware. Multi-component malware, such as sending spam with a Trojan, allows them to fine-tune the malware-making it harder for security vendors to identify. Lesser-known techniques to hide from security software, including “packers” or “encryptors,” are now widespread (representing two of the top five malware this year).
Internet crime groups will look more like legitimate software businesses. No more attention-seeking hackers-organized groups of criminals have developers, marketers and distribution channels. Many are located in Eastern Europe and China.
As Botnets grow, so will the risk of “botherders” using information about victims’ behavior to offer demographics-based marketing. Such targeted efforts would rival the largest legitimate marketing. Based on current estimates, millions of home PCs may be controlled by botnets today.
As adware and hijackers continue to fade, the spyware category will be dominated by Trojans and downloaders. The versatility of Trojans has clearly made them the tool of choice for malware authors. Downloaders will become attractive as new versions not only distribute spyware but defend against its removal.
Criminals will increasingly target lower profile but useful software, such as Adobe Acrobat Reader and Macromedia Flash, to exploit security holes. At the current rate, we’ll see twice the number of vulnerabilities in Reader and Flash.
Social networks are under fire for security weaknesses. Not only are they subject to the same weaknesses as web sites-SQL injection, cross-site scripting attacks and forgeries-but the ability to create web pages allows a criminal to post malicious code. On a social network, attacks move faster because everyone is interconnected. Mobile social networks can also be easily attacked-providing information for stalking and other crimes.
While the findings may seem grim, the CA Security Advisor Team offers the following tips:

Let the Technology Work For You

All computers in your house should be protected with antivirus, anti-spyware and anti-spam software.
Use a personal firewall and learn how to configure it with online gaming to resolve interference.
Secure the network router.
Keep all software updated.
Adjust Web browsers for increased security.
Back up data.
Use an anti-phishing toolbar.
Practice Safe Internet Surfing

Don’t open e-mail from unknown people.
Make sure banking, Webmail and financial sites are secure.
Use encryption to protect sensitive data, especially on laptops.
Be cautious about instant messaging.
Avoid P2P networks if possible.
Be wary about letting others use your computer.
When using public computers, be extra alert.
For the Kids

Tell children not to respond to messages that are threatening, suggestive or make them uncomfortable.
Teach children to protect their privacy.
Make the Internet a family activity.
Install parental controls with Web filtering and optional time restrictions.
Explain to children that not everything they read online is true.
The CA 2007 Internet Threat Outlook is available at http://ca.com/us/securityadvisor/newsinfo/.

The CA Security Advisor Team has been providing trusted security advice to the world for 16 years. It is staffed by industry-leading researchers and skilled support professionals who work around the clock to protect CA customers and the PC user community as a whole. CA Security Advisor (http://ca.com/securityadvisor) offers free security alerts, RSS feeds, PC scans and a regular blog updated by CA researchers. The team’s research is also used to keep CA’s entire portfolio of threat-related products for home, SMBs and enterprise customers updated.

* Source: Federal Trade Commission