Phishing e-mails that contain a Trojan horse designed to infect users' computers will continue to increase in 2008, comprising more than one-in-three malicious e-mail attachments, Microsoft said on Thursday.
The software giant offered a peek into its forthcoming Security Intelligence Report this week, and predicted that three categories of attacks would become more popular in 2008: phishing attacks, e-greeting card scams, and e-mail messages directing the victim to a fraudulent telephone number. In 2007, nearly one-in-three infected e-mail messages contained a phishing scam, while 7 percent of such e-mail messages masqueraded as an electronic greeting card and directed the target to a malicious site. In addition, e-mail messages that direct users to call a phone number and give information to a fraudulent voicemail system are also on the rise, Microsoft said.
While targeted attacks have gained attention, especially when the attacks are apparently launched by other nations, consumers are far less likely to be a victim of such an attack, Adrienne Hall, senior director of Trustworthy Computing at Microsoft told SecurityFocus.
"Those are very high-end targeted attacks," Hall said. "For the broad swath of the consumer public, the attacks are fairly more simplistic, and yet, they are luring so many people, that they are still the largest threats."
The Storm Worm Trojan horse has garnered a great deal of media attention in 2007. The Trojan horse attack uses e-mail to send out large batches of infected e-mail messages to potential victims to create and expand its controller's botnets. While identity theft and stealing account credentials tend to be the focus of many hackers, a recent report by the U.S. Federal Trade Commission found that losses from identity fraud had dropped.
While phishing and e-greeting scams are on the rise, the major e-mail threat continues to be mass-mailing worms and viruses, which comprised nearly 49 percent of e-mail attacks in 2007, Microsoft said.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos