Malware such as Clampi and Sinowal that steal passwords and authentication credentials are becoming far more common and dangerous. They are increasingly more adept at avoiding detection by conventional security measures and more able to defeat security precautions to prevent data theft. This threat will require all organizations with sensitive data to think beyond antivirus and firewalls. *Hardware! Clampi, the Trojan that Secure Channel wrote about yesterday, is a fine example of why we’ll never see another Code Red, Nimda or LoveLetter virus again. The intent of malware is no longer to cause mass service disruptions, but rather to steal as much information as possible without getting detected. Trojans, worms, viruses and rootkits the likes of Clampi, Sinowal and StealthMBR are now the masters of the malicious code. McAfee’s Avert Labs released a new report that shows the volume of username password-stealing and keystroke logging malware jumped nearly 400 percent between 2007 and 2008. McAfee’s prediction: the trend will continue to expand in both volume and scope. This trend will force organizations handling even routine Yeah...here's the no-brainer directly from the think tank: "Financial transactions need to be done outside the browser" As Avivah Litan, distinguished analyst from Gartner so eloquently put it:
|