The Story: Even when there’s good news on the security front, there always seems to be bad news to balance it out. And while we think this news is important for you to know, it’s not an exception to the Good News/Bad News Syndrome.
[ Slideshow: 2007's top underreported tech stories ]
According to IronPort Systems, outbreaks of viruses embedded in e-mail attachments totaled 860 in 2006 and 844 in 2005. But as of mid-October 2007, attacks totaled just 360. Dave Mayer, an IronPort product manager, said it’s likely that outbreaks will total 450 by the end of the year — a drop of 47 percent. It appears that evildoers are moving on: “Traditional viruses have been around for years, a long enough time to harden defenses against malicious attachments,” he said.
Earlier in the year, IronPort, Symantec, and McAfee all noted that image spam, which appeared about two years ago, is waning, now that defenses have improved. Filters have now gotten better at scanning the contents of the attachments, leading spammers to link instead to images elsewhere.
Mayer, whose company specializes in e-mail and Web security, says spammers are now placing those images on free photo-sharing sites — the ones people use to send vacation photos to friends and family — and embedding links to those images in their junk messages. These are difficult for spam filters to block because the same sites are used for legitimate photos as well.
But as the abuse of e-mail attachments has declined, other types of threats have escalated. For example, outbreaks of macro viruses, aimed at Office-type applications, have risen by 50 percent to 60 percent while URL viruses climbed by at least 250 percent this year, IronPort found.
The Bottom Line: It often seems as if the number of threats that you must be on guard against only increases, stretching your resources past the limits. But the truth is that threat profiles change over time, and some things you may be investing in are no longer as great a threat or are now handled by the tools you have in place. So, although you can’t get lax about security, you can focus more on newer threats.
Complete list of 2007 underreported tech stories: