SOURCE: Secure Computing

August 15, 2007 08:00 ET

Secure Computing Reports Top Threats for First Half 2007 and Predicts Trends Moving Forward

Analysis Shows Web-Hosted Malware Attacks on the Rise; Information Stealing Malware Is Up From Last Year and Financial Attacks Will Continue to Increase

SAN JOSE, CA--(Marketwire - August 15, 2007) - Secure Computing Corporation (NASDAQ: SCUR), a leading enterprise gateway security company, today announced an increase in web borne malware attacks that are financially motivated, in a report outlining the top threats worldwide that afflicted enterprise and home users in the first half of 2007, as identified by Secure Computing's research team.

The Secure Computing report first identified that information-stealing threats and backdoor threats continue to be the greatest threats and are on the rise. Statistics show that this has been the predominant method by which attackers have impacted enterprises and home users.

Information-stealing malware now accounts for approximately 10 percent of all the threats tracked; this is up from 8 percent in January. The report also shows an anticipated ongoing shift away from malware directly attached to emails and toward messages that link to web-hosted malware.

Trojans continue to dominate the malware scene, accounting for nearly 63 percent of all newly-discovered variants. This is also up from 58 percent in January. And, Windows Executable Files remain the most popular vector for distributing new attacks.

Spyware infestations and phishing are on the rise as attackers revert to "quieter" (fewer but more targeted) attacks intended to steal personal or financial information. Gartner also states that financially-motivated targeted attacks using undetectable professional-grade malware are projected to have infected 75 percent of enterprises by the end of 2007.

Today's adware is now more often categorized as surveillance-driven spyware, or programs that are dropped onto a user's system and installed without their knowledge. In addition, spam linking to exploit sites where spyware is installed has also become an increasing issue among consumers.

"Blended threats such as spam emails carrying links to malware-hosting websites indicate the increased sophistication of content-borne attacks," said Chenxi Wang, principal analyst, Security and Risk Management for Forrester Research. "To better protect themselves, users should consider deploying a solution that is capable of cross-channel analysis and reputation assessment for both email senders and URLs."

"Today's threats are faster and more complex than ever. Secure Computing's reputation-based web gateway security solutions are optimally positioned to protect customers from phishing, malware, and blended threats," said Paul Judge, chief technology officer at Secure Computing. "Our approach is to deliver comprehensive and integrated, best-of-breed security appliances utilizing our advanced TrustedSource™ global reputation system and Webwasher Anti-Malware detection technology."


--  The year started with a large-scale Trojan mass-mailing in January.
    Due to subject lines such as "230 dead as storm batters Europe," it became
    known as the "Storm worm." During its most stormy phases, new variants were
    created in intervals of 15 minutes -- attempting to hinder signature-based
    detection. This technique, dubbed "Serial variant attack," became
    undesirably widespread throughout the following months of 2007.
--  When the US Super Bowl went into its final round in February, with the
    finalist teams' websites attracting many visitors, the Miami Dolphins'
    stadium website was compromised. The attackers utilized a recent
    vulnerability in Internet Explorer's rendering of Vector Markup Language
    (VML) documents (MS07-004), infecting visitors' computers with a
    password-stealing Trojan.
--  The year's first "high-profile" incident of a mass-mailing that linked
    to web-hosted malware emerged by the beginning of April, when emails with
    pictures of Britney Spears and Paris Hilton tempted users to visit a
    website that hosted a zero-day vulnerability in Windows' handling of
    Animated Cursor files (ANI). This vulnerability, a recurrence of a similar
    vulnerability (MS05-002) dating back to 2005 that was apparently not yet
    completely fixed, also affected those users that had just invested in the
    brand new Windows® Vista®. Fortunately, Microsoft released a patch for
    this critical vulnerability ahead of their Patchday schedule. As a side
    note, one of the very first servers that hosted these zero-day ANI
    exploits was the same server (hosted in China) that was involved in the
    Dolphins Stadium hack a few weeks before.
--  Web-hosted malware attacks included an alarming number of compromised
    European web sites (more than 10,000) in June. So-called "hidden IFRAMEs"
    were injected into the websites, referring visitors to a malicious site
    using the MPack toolkit. MPack uses both the traditional attack vector
    (Internet Explorer and its ever-dangerous ActiveX functionality), as well
    as targeting users of the alternative Firefox and Opera browsers with an
    exploit for a Windows Media Player vulnerability (MS06-006). Successful
    exploitation can lead to infection by the "Torpig" banking Trojan.
--  Information-stealing malware, such as the latest variant of the
    GpCoder "ransomware" as well as the OnlineGames family of
    password-stealers, made up about 10 percent of all threats tracked. Some
    attacks were regional, as was the latest wave of "iBill" fake invoice
    Trojans that were mass-mailed primarily in Germany. Users who launched the
    malware attached to these emails (subject line "PayPal E-TAN Software Nr")
    were infected by the BZub.IF Trojan, which monitors keystrokes and steals
    passwords from login web pages.
--  Backdoor Trojans continue to significantly affect home users around
    the world. For example, the new wave of mass-mailed "Storm" malware alone
    reportedly now accounts for nearly 100,000 infected PCs. The mailings that
    came with subject lines such as "You've received a postcard from a family
    member!" directed users to web-hosted exploits for several different
    vulnerabilities; they infect users' computers and attach them to the Storm
    family's P2P botnet.

In an effort to address these threats and more, Secure Computing researchers recommend that both enterprises and consumers ensure their software and patches are up-to-date, and that they implement a multi-layered approach to proactively detect and block attacks. Appliances utilizing Secure Computing's advanced TrustedSource™ global reputation system and Webwasher® Anti-Malware detection technology put organizations a giant step ahead of others in protecting against both existing threats and new malware or variants. The product's anti-malware technology goes beyond protecting against inbound threats at the gateway: it uses patent-pending techniques that enable detection and blocking of outbound "phone home" actions from PCs that may have been previously infected -- such as mobile computers that were infected prior to re-connecting to the corporate network.

For more information about TrustedSource, Webwasher® and other Secure Computing technologies, products and solutions, please visit or email

About Secure Computing:

Secure Computing (NASDAQ: SCUR), a leading provider of enterprise gateway security, delivers a comprehensive set of solutions that help customers protect their critical Web, email and network assets. Over half the Fortune 50 and Fortune 500 are part of our more than 20,000 global customers in 106 countries, supported by a worldwide network of more than 2,300 partners. The company is headquartered in San Jose, Calif., and has offices worldwide. For more information, see

This press release contains forward-looking statements regarding the ability of Secure Computing products to protect and block malware threats and attacks, and such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are the manner in which a systems administrator configures the firewall, technical difficulties, delays in product development, undetected software errors or bugs, competitive pressures, and the risk factors detailed from time to time in Secure Computing's periodic reports and registration statements filed with the Securities and Exchange Commission.

Contact Information

  • Ally Zwahlen
    Secure Computing Corporation

    Paula Dunne
    Contos Dunne Communications LLC
    408-893-8750 cell