FOSTER CITY, CALIF. - January 16, 2007 -
FaceTime Communications, the leading provider of solutions for
securing and managing IM, P2P and Web-based greynets, today
announced its analysis of malware affecting today's enterprise
networks through instant messaging, P2P file sharing, and chat
applications. In an analysis of threats tracked or identified by
FaceTime Security Labs, 1,224 unique threats on greynet
applications were reported in the past year, with attacks over
peer-to-peer networks increasing by 140 percent over 2005 and
multi-channel attacks increasing from 18 percent in 2005 to 29
percent of all attacks in 2006.
While the number of unique malware instances is down vs. 2005,
when more than 2000 threats were identified, FaceTime researchers
warn that the nature of today's malware is more dangerous and can
cause greater damage. The threats are more complex, stealthier than
ever before and are propagating through multiple channels, making
them harder to identify and protect against. FaceTime researchers
expect this trend to continue as malware creators are more
technically savvy and better-funded, using social engineering to
create botnet armies at their disposal. Risky employee behavior on
the Internet has become one of the biggest network security
concerns for enterprise organizations.
Increasing Maliciousness More Important than Number of
Malware Attacks
Researchers at FaceTime Security Labs have gone beyond raw data
collection to seek out, analyze and expose the perpetrators behind
today's malware threats many of which use social engineering to
propagate through IM, peer-to-peer networks and social networking
web sites. The clear motivation is financial, with the major
malware discoveries of 2006 all pointing toward botnets designed to
gather personal or banking data for malicious means.
"The numbers alone don't tell the story," said Chris Boyd,
director of malware research at FaceTime Security Labs. "It is more
important to understand that, although major network disruptions
don't seem to result from malware attacks propagated via IM, the
sophistication, complexity and stealthy behavior of these threats
make them far more dangerous.
"The sources of the most insidious threats we identified in 2006
are not the glory-hungry hackers of yesterday. These are
cyber-criminals and click-fraud experts who are well funded,
extremely savvy, and their M.O. is to stay in the background and
collect as much information as they can before moving on to the
next target. To be discovered by taking down a network would be
counter-productive to their criminally-motivated financial goals,"
added Boyd. "
Chris Boyd, along with Wayne Porter, director of special
research for FaceTime Security Labs, will explore and expose the
behind-the-scenes action of these malware perpetrators during their
presentation, "Botnet Live: Tracing, Chasing and Building the Case
to Bust the Bad Guys," on Wednesday, February 7 at the RSA
Conference in San Francisco.
2007's Biggest Risk: Employees Undermining Corporate
Security
The danger of this new breed of malware is compounded by the
increasingly risky behavior of today's employees, who frequently
introduce consumer greynet applications onto the corporate network-
most often without the sanction of their IT department. The user is
squarely at the cornerstone of enterprise security concerns,
according to FaceTime's Second Annual Greynets Survey (October,
2006). The survey revealed that:
- Four in ten end users (39%) believe they should be allowed to
"install the applications they need on their work computers,"
independent of IT oversight or policy.
- Fifty-three percent of end users report they "tend to
disregard" company policies that govern greynet usage, specifically
IM and peer-to-peer file sharing.
- Eight in ten IT managers are at locations that have experienced
greynet-related attacks within the last six months
- The number of greynet applications installed on a typical
enterprise network have increased dramatically; work locations
where eight or more greynet applications are in use have doubled,
growing from 20 percent of all locations in 2005 to 41 percent in
2006.
- Sixty percent of managers report that within the past six
months, security attacks have been more likely to have invisible
effects (like keyloggers) rather than outcomes apparent to the end
user, such as a hijacked browser, making compromised PCs more
difficult to detect.
"Despite myriad security technologies employed by enterprise IT
managers to block malicious attacks, the user is often the biggest
vulnerability, especially on the real-time, socially-networked Web"
said Frank Cabri, vice president of marketing for FaceTime
Communications. "In 2007, the biggest security risk for
organizations is likely to be their own users, as employees install
consumer-oriented greynet applications onto their workplace
computer faster than the IT team can keep up with the corresponding
controls."
"The IT decision is no longer just to 'block or allow' use, as
these applications have become central to employee productivity in
the office. New security measures need to provide visibility and
control of these real-time collaborative applications in a way that
meets the needs of employees and the IT staff," added Cabri.
Top Threats of 2006 FaceTime Security Labs researchers
identified several financially motivated and potentially damaging
threats during 2006, including:
- March 15, 2006: The "Carder" botnets collectively represented
up to 150,000 compromised computers, which used a custom built PERL
script to fraudulently scan desktop and back-end systems to obtain
credit card numbers, bank accounts, and personal information
including log-ins and passwords. The operators could potentially
launch these scans from any computer on the botnet to mask their
actual location. Relevant files and information on a large number
of "at risk" credit card accounts were provided to federal
authorities by FaceTime researchers.
- May 22, 2006 - Unsafe "Safety Browser" affected Yahoo!
Messenger clients. The first, and extremely inventive, instance of
a self-propagating worm, named yhoo32.explr, installing a web
browser to hijack the Internet Explorer homepage, leading users to
a site that put spyware on their PCs.
- October 3, 2006 - The KMeth Worm (w32.KMeth) sent users to a
Web site serving a barrage of Google AdSense advertisements related
to mesothelioma, a rare cancer caused by exposure to asbestos.
Because of its relation to toxic tort litigation, the
cost-per-click for the keyword "mesothelioma" is one of the highest
in the online advertising pay-per-click market, making it a prime
target for financially-motivated malware writers.
About FaceTime Security Labs
Operating in three research centers around the world, FaceTime
Security Labs (FSL) is the threat research and remediation division
for FaceTime Communications. These experts identify and monitor
risks posed by viruses, worms, spyware and malware propagating
through applications such as IM, P2P, Chat and other real-time
applications, and provide customers automatic updates and
countermeasures to the latest malware threats.
About Actiance, Inc. (Formerly FaceTime Communications, Inc.)
FaceTime Communications became Actiance, Inc on January 11, 2011 following an agreement to
transfer the FaceTime trademark to Apple.
FaceTime Communications enables the safe and productive use of Unified Communications and Web 2.0,
including instant messaging, blogs and social networking. Ranked number one by IDC for five consecutive
years, FaceTime's award-winning solutions are used by more than 1,500 customers for the security,
management and compliance of real-time communications. FaceTime supports or has strategic partnerships
with all leading IM, unified communications providers and social networks including AOL, Google, Yahoo!,
Skype, Microsoft, IBM, Cisco, Facebook, LinkedIn and Twitter.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-3223.
PR Contact Information: