New year, same spyware

It's the New Year, so of course we have plenty of looking back and looking forward to do.

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

Let's look backward first courtesy of McAfee, which has tallied reports for the past year from its corporate users and consumers.

The top 10 threats of 2004 all fall into one of the following key areas: spyware/adware, e-mail-borne viruses, and malware delivered by spam. Listed in alphabetical order are the top threats for 2004 (drum roll, please):

Adware-180
Adware-Gator
Exploit-ByteVerify
Exploit-MhtRedir
JS/Noclose
W32/Bagle
W32/Mydoom
W32/Netsky
W32/Sasser
W32/Sdbot

Any of those sound familiar? I get Vincent Gullotto, vice president of McAfee's Anti-Virus Emergency Response Team (AVERT), on the phone to talk about the results, and he breaks down some of the trends for the year now disappearing in the rearview mirror.

Bots and mass mailers remained the predominant method by which virus writers make life miserable for businesses and enterprises, Gullotto says. For consumers and home users, exploits and adware accounted for more than 60 percent of the malicious threats tracked. If you doubt McAfee's conclusions, run a free program such as Spybot from your computer and view the results.

Now let's look forward: Based on the 2004 trends, McAfee anticipates that adware and unwanted content, transmitted via e-mail and the Web, will continue to increase in 2005 (surprise).

In addition, those programs are becoming increasingly complex. Threats will be combined with content such as spam and phishing, according to Gullotto. "Once they gain access to your network or computer, they can then do more malicious damage. That's the issue with a combined attack," Gullotto says.

Gullotto also says zero-day attacks are already occurring. "But they are happening on a small level. It's possible they could become global this year," Gullotto says.

All right, enough of the bad news. I ask Gullotto whether there's any good news for 2005.

There is a long silence. I take that as a sign that I should rephrase the question: "What should enterprises and consumers do to prepare for security issues in the upcoming year?"

Suddenly, the phone line pops to life again.

"At the enterprise level, security managers should look at additional alternatives to the traditional anti-virus and firewalls," Gullotto explains. "We, as a security company, have seen that pure anti-virus and firewall solutions are not the be-all-and-end-all, as more and more people are trying to find dubious ways to attack networks."

Gullotto recommends enterprises look at IPSes and IDSes for additional protection. But for home users, security remains a difficult issue, and it's not going to get any easier.

"Like other security companies, we are investigating new technologies, but consumers need a plug-and-play approach, and that hasn't happened yet. The best thing for consumers to do is to keep their anti-virus and firewall systems updated," Gullotto says.

Happy New Year, I think.