Hackers shifting from e-mail to web, report says

The growth of user-created web content on sites like YouTube is going to become the hot spot for online security in 2007, security company Sophos PLC predicted Monday.

The growth of user-created web content on sites like YouTube is going to become the hot spot foronline security in 2007, security company SophosPLC predicted Monday.

This year "is likely to see a significant shift away from the use of e-mail security threats, with cyber-criminals instead looking to exploit the continued global growth in web use, as well as user-defined web content," the company said.

Hackers are turning to new avenues to launch their attacks because users are increasingly protecting their e-mails.To back its point, the company said it findsan average of 5,000 new URLs hosting malware (malicious software)every day.

"Cyber-criminals are seeking new ways to distribute malware, and the web seems to be the logical environment as mounting applications and social sites keep end users active on the internet," Ron O'Brien, senior security analyst, said in a release.

E-mail security is getting better, the company said, as the proportion ofinfectedmessages fell to0.3 per cent (one in 337) last year from2.2 per cent (one in 44) in 2005.

But e-mail will continue to bean important means ofinfecting users' computers with programs designed to turn them into unwitting disseminators of spam or steal their personal information to commit frauds.

In fact, more than 90 per cent of all spam in 2006 wasrelayed from zombie computers, thosecontrolledby hackerswithout the owners' knowledge, the company said.

Spyware down, Trojans up

ButSophos saidthere was a drop in the use of traditionalspyware — software that stealspersonal information from people's computers — last year in favour of Trojan downloaders.

Trojan viruses dupe users into giving up crucial information by luring them to click "yes" to an apparentlyinnocent request, such asa licence agreement for a piece of software they have just downloaded.

The company's statistics suggest that between January and December last year, the proportions of spyware and Trojans had reversed.

At the beginning of the year,e-mails infected with spyware accounted forabout half ofall infected e-mail, and mail linked to sites with Trojan downloaders was about 40 per cent.

By December 2006, Trojans accounted for 51 per cent of evil e-mail, and spyware about 42 per cent.

China, U.S. malware centres

The company also saidthat almost a third ofall malware is now written in China, most of it Trojans, and a large proportion "designed for the specific purpose of stealing passwords from online gamers."

Malware writers based in Brazil are responsible for 14 per cent of the traffic, most of which is designed to steal information from online bankers.

Sophos concluded that the U.S.and China together accounted for about two-thirds of all malware in 2006, with just over 30 per cent each.Noother country was even close.

"The U.S. market is undeniably a target for online criminal activity. More and more, organizations with U.S.-based websites are falling victim to targeted attacks," O'Brien said.

The U.S. and China also led the spam spreaders, withthe U.S. at 22 per cent and China atnearly 16 per cent.

Ten other countries came in between 7.4 per cent and nearly two per cent, but a quarter of all spam was spread from countries that didn't make the Top 12 list.