Advertisement
Promo

Security threats Toolkit

Browser-based attacks increase as viruses decrease

Joris Evers CNET News.com

Published: 15 Jun 2005 10:45 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

As the threat to IT operations by viruses and worms declines, browser-based attacks are increasing, according to a technology trade organisation.

On Tuesday the Computing Technology Industry Association, or CompTIA, released its third annual report on IT security and the work force. The survey of nearly 500 organisations found that 56.6 percent had been the victim of a browser-based attack, up from 36.8 percent a year ago and a quarter two years ago, CompTIA said.

Browser-based attacks often take advantage of security flaws in Web browsers and other components of the user's PC such as the operating system. The attacks' objective could be to sabotage a computer or steal private data and can be launched when a user visits a Web page that appears harmless but contains malicious code.

One of the ways to lure victims to a bad Web site is through spam emails that include a hyperlink. Phishing, a form of attack that typically includes email and fraudulent Web sites resembling legitimate sites, is on the rise, CompTIA said.

A year ago, 18 percent of organisations said they had become victims of phishing, this year that is up to 25 percent, CompTIA said. Phishing is online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers.

Still, viruses and worms continue to be the No.1 IT security threat, though the number of these attacks has levelled off. Two-thirds of organisations reported they had experienced such attacks in the past year, down slightly from 68.6 percent a year ago.

New pests are also affecting users, CompTIA said. Pharming and threats to mobile devices are causing headaches. In pharming attacks users are redirected to a malicious Web site after an attacker hijacks a domain-name system server -- a computer that maps text-based Web site names to actual IP addresses.

CompTIA commissioned TNS Prognostics to conduct the study, which included interviews with 489 professionals from government, IT, financial, education and other sectors, the organisation said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
72 out of 124 people found this useful


Full Talkback thread

0 comments

Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters