While worms and bots get most of the attention from web security professionals, an old hacker favourite is making a comeback–albeit in a meaner form. Web evildoers are making better use of Trojans–destructive programs that masquerade as benign applications but drop nasty code–by targeting their attacks on specific users and programs. “It's sneakier and much more sophisticated than before,” says Dean Turner, executive editor of Symantec's Internet Security Threat Report. “By targeting specific organizations and creating Trojans specifically designed to take advantage of vulnerabilities in such programs as Microsoft Excel or PowerPoint, they can increase their chances of success.”
Need Trojan protection? All the old security rules apply–update antivirus software regularly, install all relevant vendor patches and don't open unknown e-mail–but Turner also advises computer users buy desktop intrusion-prevention software, with behaviour-based blocking capabilities to render Trojans ineffective.
14% of all internet attacks are against financial services firms
69% of all vulnerabilities reported were in web applications
13 average number of days it takes Microsoft to come up with a security patch
1 of every 122 e-mail messages contains malicious code
Source: Symantec Corp.'s Internet Security Threat Report