CompTIA's Eighth Annual Global Information Security Trends study, published last November, found that many companies continue to play catch-up, struggling to keep pace with new threats and vulnerabilities. Since 2008, security has been increasing as an organizational priority, from 35 percent to 49 percent in 2010 and an expected 62 percent in 2012.
Spam, the electronic version of junk mail, has been a huge problem for years, and according to new reports from McAfee, Trend Micro, Cisco and Dell, the problems, if not the volumes, are only going to get worse. Spam accounted for 80 percent of total e-mail traffic in the fourth quarter of 2010, the lowest point since the first quarter of 2007, states McAfee's Threats Report: Fourth Quarter 2010. Of the almost 55 million total pieces of malware McAfee Labs identified, 36 percent was created in 2010.
McAfee attributes this ebb in spam to a "transition period," with several botnets going dormant during a time of year when spam volumes are usually on an upward path. This quarter's volume is off by 47 percent from last quarter and by more than 62 percent since the start of 2010. The company predicts a retooling and possibly some consolidation in the botnet space that will ultimately lead to growing spam volumes.
"Spambots are just the tip of the iceberg," says Jamz Yaneza, threat researcher at Trend Micro. "In almost all cases, the larger issue points to the lack of focused security and enforcing policies to prevent infection or installations of rogue applications." The volume of spam generated shows how large a compromise is and indicates that a bot is installed; the spam traffic shows that the compromise has already happened and that the installed bots are now looking for other targets outside the currently affected network.
"Think of it like an army: Once an area has been fully 'secured,' it's time to send the runners and feelers to target the next campaign. ... Enterprises and individuals as well should be vigilant and use tools to identify, isolate and eradicate the threat--whether this will involve full re-imaging or re-installation will fully depend on the confidence and infrastructure after a damage clean-up operation has been performed."