Hackers Attack Businesses, Blogs and Web 2.0 Sites, Sophos Security Threat Report...

Hackers Attack Businesses, Blogs and Web 2.0 Sites, Sophos Security Threat Report Reveals

      Cybercrime gangs enlist the help of Blogspot, Facebook and
                              celebrities
BOSTON--(Business Wire)--
Sophos, the largest privately held vendor in the secure content
and threat management market today published new research into the
first six months of cybercrime in 2008. The Sophos Security Threat
Report examines existing and emerging security trends and has
identified that criminals are increasingly using creative, new
techniques in their attempt to make money out of internet users.

   It is estimated that the total amount of malware in existence now
exceeds 11 million, with Sophos currently receiving approximately
20,000 new samples of suspicious software each day - one every four
seconds. The firm's report - available from
http://www.sophos.com/securityreportjul2008 - reveals that most
attacks are now designed to try and out-fox traditional security
systems such as email scanning.

   WEB SITE INFECTION RATE THREE TIMES FASTER THAN 2007

   The first half of 2008 has seen an explosion in threats spread via
the web, the preferred vector of attack for financially motivated
cybercriminals. On average, Sophos detects 16,173 malicious webpages
every day - or one every five seconds. This is three times faster than
the rate seen during 2007.

   Over 90 percent of the webpages that are spreading Trojan horses
and spyware are legitimate websites (some belonging to household
brands and Fortune 500 companies) that have been hacked through SQL
injection.

   SQL injection attacks exploit security vulnerabilities and insert
malicious code into the database running a website. Companies whose
websites have been struck by such an attack often clean up their
database, only to be infected again a few hours later. Users who visit
the affected websites risk having their computer taken over by
hackers, and their personal information stolen by identity thieves.

   Sophos has identified that the number one host for malware on the
web is Blogger (Blogspot.com), the blog publishing system owned by
Google, which allows computer users to make their own websites easily
at no charge. Hackers both set up malicious blogs on the service, and
inject dangerous web links and content into innocent blogs in the form
of comments. Blogspot.com accounts for two percent of all of the
world's malware hosted on the web.

   MALICIOUS HACKERS TRY NEW TECHNIQUES TO SPREAD VIRUSES AND SPAM

   Sophos's Security Threat Report details attempts by hackers and
spammers to take advantage of Web 2.0 websites such as Facebook and
LinkedIn, attacks against non-Windows devices such as Apple Macs and
Linux, and the likelihood of emerging threats which target Apple
iPhone users.

   "The biggest malware problem is undoubtedly on Windows, but that
doesn't mean Mac and Linux users should be complacent. Threats for
other platforms are encountered, and there is a risk that users of
these operating systems may be suffering from the incorrect belief
that they are somehow immune from internet attacks," said Graham
Cluley, senior technology consultant at Sophos. "The use of systems
like Facebook, Bebo and LinkedIn proves that cybercriminals are
looking for new ways to spread their malicious code and unwanted
adverts."

   According to Sophos's report, one other growing method for
spammers is to spread their messages via mobile phones. According to
the Internet Society of China, an astonishing 353.8 billion spam
messages were sent to the country's mobile phone users in the last
year - with almost 440,000 formal complaints in June 2008 alone.
Although the problem is much smaller elsewhere in the world, Sophos
has also identified SMS spam campaigns that have succeeded in clogging
up phone lines in the US and Europe.

   NICOLE KIDMAN AND ANGELINA JOLIE ENDANGER SAFETY OF COMPUTER USERS
VIA EMAIL

   Although most attacks are now taking place via infected websites,
email continues to present a danger. It is common for cybercriminals
to spam out links to compromised websites, often using a subject line
and message to tempt computer users into clicking through the promise
of a breaking news story or a lewd topic.

   Attacks via email file attachments, however, have reduced in 2008.
Only one in every 2,500 emails examined in the first six months of
2008 was found to contain a malicious attachment, compared to one in
332 in the same period of 2007. The Pushdo Trojan dominated the chart
of most widespread malware spreading via email, accounting for 31
percent of all reports. Pushdo has been spammed out during the year
with a variety of disguises. Some for example, have claimed to contain
nude photographs of Hollywood stars Nicole Kidman and Angelina Jolie.

   Corporate executives have been put at risk during the first six
months of 2008 with targeted malware, designed to infect individuals
at specific corporations rather than the internet community at large.
In April, there was a specifically targeted malware campaign emailed
to chief executive officers of various companies, all pretending to be
subpoenas from US federal courts, trying to frighten hand-picked
recipients into opening the dangerous attachment.

   "This report makes it clear that the need for proper security has
never been higher. Hackers are becoming more inventive in the way that
they try and infect computers around the world - the motivation
driving them to be creative in their attacks is the large amount of
money at stake," continued Cluley. "Businesses and home users need to
bite the bullet and take better care of their computers, networks and
websites - regardless of whether they are running Windows or not - or
risk losing everything in a hack attack."

   About Sophos

   Sophos enables enterprises worldwide to secure and control their
IT infrastructure. Our network access control, endpoint, web and email
solutions simplify security to provide integrated defenses against
malware, spyware, intrusions, unwanted applications, spam, policy
abuse, data leakage and compliance drift.

   With over 20 years of experience, we protect over 100 million
users in nearly 150 countries with our reliably engineered security
solutions and services. Recognized for our high level of customer
satisfaction, we have an enviable history of industry awards, reviews
and certifications.

   Sophos is headquartered in Boston, MA and Oxford, UK. More
information is available at www.sophos.com.

CHEN PR
Kevin Kosh, 781-672-3111
kkosh@chenpr.com
or
Sophos
Jennifer Torode, 781-494-5885
jennifer.torode@sophos.com

Copyright Business Wire 2008