Financially motivated malware attacks are on the rise, with automated software packages making it easy for unskilled hackers to earn a living by sending out spam, researchers at messaging security vendor Secure Computing say.

A malware kit called MPack, released by Russian hackers last December, allows pretty much anyone with $200 to become a master spammer because it is easy to use and exploits vulnerabilities in FireFox, Internet Explorer and Apple’s QuickTime, says Dmitri Alperovitch, principal research scientist for Secure Computing.

The trend that “kind of defines 2007” is the convergence of traditional e-mail with Web-based attacks, in which message recipients are prompted to click on links to malicious Web sites, rather than to download attachments, Alperovitch says.

“Certainly, exploiting Web browser vulnerabilities has been common. We’ve seen that for a long time,” he says. “Now we’re seeing that capability being merged with traditional e-mail worms that sort of blanket the Internet.”

Information-stealing malware now accounts for 10% of all threats, up from 8% in January, new research from Secure Computing has found. Trojans comprise 63% of all newly discovered malware, up from 58% in January.

Spyware and phishing are also becoming more problematic as attackers use more targeted attacks to steal personal and financial information. “The barriers to entry into cyber crime have been lowered so much,” Alperovitch says. “People are realizing that they can make very serious money with almost no accountability, almost complete anonymity.”

Quoting the analyst firm Gartner, Secure Computing’s researchers say that 75% of enterprises will be infected by “undetectable professional-grade malware” by year-end.

About 90% of all e-mail is malicious, but that figure will rise as the holiday season gets closer, according to Alperovitch.

“There’s a good chance we’ll reach 95%, maybe higher, of all e-mails being malicious by the end of the year,” he says.

As the storm worm showed, the automation of online attacks is allowing the creation of more botnets, he says. E-mail delivery mechanisms are also being optimized to bypass spam filters. Unfortunately, many Web surfers are far too trusting.

“If you’re walking down the street and someone asks you for your Social Security number or your bank account pin, you’re not going to give it to them,” Alperovitch says. “Yet on the Internet, people freely give them out to anyone who sends them an e-mail message.”

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports