Posts archive for: 25 April, 2008
  • Infosec: Malware to grow tenfold in 2008

    The number of online threats will have grown tenfold by the end of 2007, according to researchers at anti-malware firm Kaspersky.

    Kaspersky analysts said at Infosec Europe 2008 that new malicious programs recorded on the internet, including viruses, worms and Trojans, amounted to 2.2 million in 2007, representing a fourfold increase on the 535,131 recorded in 2006.

    David Emm, senior technology consultant at Kaspersky Labs, predicted that the year-end results for 2008 will demonstrate a very different trend.

    The overall volume of detected malware reached 354GB in 2007, and many leading antivirus experts called for urgent measures to address this huge increase in malware.

    "In addition to the quantity, the quality of malicious programs is also improving," said Emm.

    "New and more complex samples such as the notorious Storm worm are emerging that demonstrate a wide range of hostile behaviour and distribution methods."

    Kaspersky added around 250,000 new signatures to its antivirus databases in 2007 but, according to its forecast, one million new signatures will be added in 2008.

    "With the help of new technologies it will be possible for a fourfold increase in the number of new signatures to combat the tenfold increase in the number of new malicious programs," explained Emm.

    "These technologies allow one signature to successfully neutralise dozens or even hundreds of different types of malicious programs."

  • Infosec: Rock Phish threat deepens

    Security firm RSA has warned that the software kit behind half of the world's phishing attacks has been upgraded.

    The Rock Phish software has been used in attacks on over 40 European and US financial institutions.

    The tool has been very successful, using innovations including unique URL generation to defeat blacklists. But Rock Phish has not used malware as part of its attack until recently.

    The fake phishing pages now include a Trojan dubbed Zeus, so that once a victim's financial data has been harvested the Trojan allows the computer to be controlled remotely.

    "The victim is duped into visiting a phishing site," said Uriel Maimon from the RSA 24x7 Anti-Fraud Command Center.

    "Whether or not the victim surrenders his/her credentials into the site is irrelevant, as many people click on phishing links but do not fill in meaningful information.

    "However, with this new attack twist the victim will still be infected with a Trojan."

    The group behind the Rock Phish attacks did not develop the Trojan themselves, but purchased it for the job in much the same way as a legal software developer.

    Zeus is a very flexible and persistent Trojan which can be used to steal data, make the infected machine part of a botnet and even take regular screenshots of a user's activity.

    "The Zeus Trojan has many startling capabilities," said Maimon. "As I look on this blissful union of fraud and crime technologies, I can only envy the criminals who can find such coupling."

    The Rock Phish software has become something of a cause célèbre in the IT security industry since it surfaced.

    The creators have been described as the Kaiser Söze of the online world, and no-one is sure whether the creator is a single person or a hacking group.

    RSA is confident that it is a hacking group behind the code, and no-one disputes that the software has been astonishingly successful.

    Hundreds of millions of pounds have been siphoned out of users' bank accounts over the past four years.

  • Experts warn of 'Tornado' hacker tool

    Security researchers have discovered a new web-based attack tool which exploits up to 14 browser vulnerabilities and installs malware on the user's system.

    Symantec researcher Liam O'Murchu said that 'Tornado' is commonly installed on a server by a single 'administrator', who then offers accounts on the server to other attackers.

    The attackers then inject code into other web pages to redirect users to the Tornado server, where the exploit and malware installation is conducted.

    "Perhaps this is why the code for this pack has stayed private for so long," said O'Murchu.

    "Using this model, the creators of the pack can sell it to a few trusted customers at a higher price, rather than selling it to many untrustworthy customers and risking the code being released in the underground."

    Tornado also offers attackers a full set of traffic statistics and options for selecting which exploits can be conducted.

    The malware features an option to redirect repeat visitors to a phoney 'account suspended' page.

    This helps the tool to evade security researchers who will make repeated visits to infected pages in order to study the exploits and malware in use.

    Programs such as Neosploit and MPack offer similar capabilities to set up servers that can conduct multiple exploits against users.
