NEW YORK -- MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for January 2007. For the first time, MessageLabs reports that the proportion of phishing attacks has exceeded the number of threats from virus or Trojan attacks. Although the volume of threats from Trojan attacks decreased this month, MessageLabs did see the continuation of multi-variant virus attacks with the arrival of another wave of Warezov and StormWorm, all of which MessageLabs intercepted heuristically. The primary purpose of StormWorm is believed to be the creation of a new botnet of compromised computers.
MessageLabs attributes the increase in phishing attacks to several factors. Firstly, virus attacks have become more targeted and are no longer occurring as one large outbreak. Secondly, online merchants have recently shifted toward deploying two-factor authentication methods which have given rise to man-in-the-middle phishing sites. Man-in-the-middle attacks could signify an end to the traditional phishing techniques currently in use, and an escalation in more sophisticated phishing methods. Finally, an increasing number of phishing sites are now using Flash content rather than HTML in an attempt to evade anti-phishing technology deployed in Web browsers.