Tuesday, September 29, 2009

Password, Username Stealing Malware Volume Jumps 400%













Malware such as Clampi and Sinowal that steal passwords and authentication credentials are becoming far more common and dangerous. They are increasingly more adept at avoiding detection by conventional security measures and more able to defeat security precautions to prevent data theft. This threat will require all organizations with sensitive data to think beyond antivirus and firewalls.
  *Hardware!



Clampi, the Trojan that Secure Channel wrote about yesterday, is a fine example of why we’ll never see another Code Red, Nimda or LoveLetter virus again. The intent of malware is no longer to cause mass service disruptions, but rather to steal as much information as possible without getting detected.





Trojans, worms, viruses and rootkits the likes of Clampi, Sinowal and StealthMBR are now the masters of the malicious code.





McAfee’s Avert Labs released a new report that shows the volume of

username password-stealing and keystroke logging

malware jumped nearly 400 percent between 2007 and 2008.






McAfee’s prediction: the trend will continue to expand in both volume and scope. This trend will force organizations handling even routine data to think beyond conventional antivirus applications and perimeter firewalls for their security



Yeah...here's the no-brainer directly from the think tank: "Financial transactions need to be done outside the browser"  As Avivah Litan, distinguished analyst from Gartner so eloquently put it:  



"Nothing that goes through the browser can be relied upon."
The man-in-the-browser attacks that are going on against these corporate cash management applications are all circumventing one-time password," she says.




 

Continue Reading at Channel Insider


Reblog this post [with Zemanta]

Disqus for ePayment News