SMS-ishing & V-ishing amongst future threats

Terms like sms-ishing or v-ishing may be a part of common security vernacular, according to McAfee Avert Labs director of operations, Joe Telafici.

US-based Telafici explained the new terminology during a visit to Australia this week, arguing that the changing methods of hackers was a cause for concern.

While social engineering was still the primary way to spread malware, phishing, in particular, continued to evolve with two new mutations increasingly seen - SMS-ishing and V-ishing.

SMS-based phishing, or SMS-ishing, convinces a user to click on a link in a SMS message leading them to a fake website from where their personal details can be phished.

Voice-based phishing, or V-ishing, refers to an automated voice message sent to VoIP phones aimed at convincing users to also volunteer their details.

Furthermore, the dramatic upsurge of malware volumes over the past five years could have dire consequences for the world economy, Telafici said.

“Today it’s for criminal and commercial motivation,” he explained. “The challenge here is [that] we have groups of people who are semi-professional and had jobs in IT. This paints a new challenge for us,” said Telafici.

Password stealers were also rapidly increasing, with 6000 password stealers circulating on the Web in 2006 compared to 500 in 2001. “This year we’re starting to see this being used against government departments and financial sectors,” said Telafici.

Illustrating the exponential rise in threats, he said that it had taken some 14 years for the cumulative total of malware including viruses, worms and Trojans to reach 100,000. It then took 2 years to reach over 200,000. “I think we’ll probably hit 300,000 threats by the end of 2007, early 2008."

This week McAfee also unveiled its top ten security threats list for 2007 which listed password stealing websites and increased spam volumes as its top two threats.

amongstfuturesecuritythreats