3:28 PM -- It's the end of Halloween week, and by now you've probably had enough vampires, ghouls, and Elvis ghosts. If you're like me, your worst scare probably came yesterday morning, staring at the bathroom scale after all that leftover candy.
Unfortunately for security pros, however, the scary stuff just keeps coming. And in most cases, it's very real.
The threats from botnets are perhaps the most serious and frightening. Earlier this week, we learned that botnets are not just harnessing the uneducated and unpatched consumer PC, but whole groups of enterprise machines as well. How many of your machines are currently zombies in a major botnet? It's worth checking into. (See Bots Rise in the Enterprise.)
Before you go too deep into your investigation, though, you should know that fighting botnets has a price. The Storm worm/Trojan, for example, can detect efforts to research its behavior -- and level researchers with a denial of service attack. (See Researchers Fear Reprisals From Storm.)
And of course, botnet operators and spammers are continually coming up with new ways to fool users and suck them into their scams. Just this week, we've seen spam and malware dressed up as dancing skeletons and popular music and video recordings. These exploits could be the winners at any costume contest. (See Industry Hears First 'Singing Spam' and Halloween Spam Storms Inboxes.)
But the threats don't stop at the PC. Earlier this week, a slew of vulnerabilities were discovered in voice over IP services, including the popular Vonage. These exploits could enable hackers to steal account information or even eavesdrop on conversations. (See Researcher: Vonage Vulnerable.)
Had enough scares? Okay, let's cut to the monster: An Israeli news organization claims to have translated a message from Al Qaeda leadership, ordering an all-out cyber jihad on western targets beginning on November 11. If there's any truth to it, there could be a whole lot of trouble in networks all over the world in less than two weeks. (See Report: Al Qaeda Schedules Cyber Jihad for Nov. 11.)
Unfortunately, these threats aren't part of a bad slasher movie, and they won't go away with the candy. If you're a security pro, these are issues you'll have to deal with today -- if you don't want them going "bump" in the night tomorrow.
Tim Wilson, Site Editor, Dark Reading