McAfee® AVERT Reports Top 10 Threats for 2004 and Advises on Future Threats and Trends
Analysis Shows Enterprises Have Been Most Affected by Bots, Adware and Vulnerabilities, While Consumers Have Been Affected by Adware and Exploits Taking Advantage of Vulnerabilities

BEAVERTON, Ore., Jan. 3 /PRNewswire-FirstCall/ McAfee, Inc. (NYSE: MFE), the pioneer and worldwide leader of intrusion prevention solutions, today announced the top 10 malicious threats identified by McAfee® AVERT™, the company's Anti-virus and Vulnerability Emergency Response Team, to affect both enterprise and home users worldwide in the 2004 calendar year.

McAfee AVERT reports that Bots and Mass Mailers are still the predominant method by which virus writers impact enterprises, whereas Exploits and Adware account for over 60% of the malicious threats tracked, significantly impacting consumer and home users.

Based on reports, McAfee AVERT anticipates that Adware and unwanted content, transmitted via email and the Web, will continue to increase in 2005, with programs becoming increasingly complex.

Threats will be combined with content such as Spam and Phishing as the year progresses. It is anticipated that successful phishing schemes will continue to increase throughout 2005 due to a general lack of consumer awareness.

Additionally, the number of exploits that attack discovered vulnerabilities will increase as more vulnerabilities are discovered and disclosed. These assessments are based on AVERT's conclusions that today's programs are evolving rapidly, and could at some point, succeed mass mailers, the dominant threat of the past six years.

Computer virus attacks reaching a Medium risk assessment or higher have dramatically increased in 2004, compared to 2003. McAfee AVERT has assessed 46 threats as a medium risk or higher compared to 2003's total of 20 threats reaching that same risk level.

Most of this was due to the Netsky Bagle war that consumed most of Q1 2004. Within the first half of 2004, 50 new computer viruses (of varying risk assessments) were discovered daily.

And by the end of 2004, detection for 17,000 new malware threats were added to AVERT's growing database of threats.

The top 10 threats in 2004 all fall into one of the following key areas: spyware/adware threats, email-borne virus threats, and malware threats delivered by spam.

Listed in alphabetical order are the top threats for 2004:
Adware-180
Adware-Gator
Exploit-ByteVerify
Exploit-MhtRedir
JS/Noclose
W32/Bagle
W32/Mydoom
W32/Netsky
W32/Sasser
W32/Sdbot (family including sdbot, gaobot, polybot, spybot)

McAfee AVERT continues to expand its vulnerability and exploit analysis and reporting in 2004. McAfee AVERT reports that threats using vulnerable systems in 2004 totaled more than 380, exceeding totals in 2003 by approximately 50%.

McAfee's VirusScan online service reported more than 2 million detections for various types of exploits that were found on machines managed by the program. McAfee AVERT believes that this number will grow due to the continuing interest by hackers to exploit unpatched consumer systems.

Vulnerabilities discovered in 2004 totaled more than 2,800, which is down 25% from 2003. Though security companies are becoming increasingly adept at recognizing and fixing these vulnerabilities, along with manufacturers providing faster patch updates, hackers are becoming quicker at producing exploits in attempts to launch a major zero day attack.

"In 2004, the rise in viruses, worms, phishing, adware and vulnerability exploitation has surpassed what was noted in 2003," said Vincent Gullotto, vice president of McAfee AVERT. "Although we saw a steady 5% (year over year) decrease in the rate of virus production from 2000 to 2003, we have seen an increase in 2004 which can be partly attributed to Bagle and Netsky authors feuding, as well as a general lack of awareness in regards to adware and other such programs."

Bots Continue to Climb:
A "BOT" is an automated program that answers to commands from another source (robot). McAfee researchers estimate that there are over 7,000 bots in existence today.

They are growing at a rate of about 150 to 200 per week. Some bots are less pervasive than others. However, McAfee has seen a recent trend toward bots that download adware onto a users system.

These programs also have the ability to propagate quickly on the compromised system. Like any evolving security threat, the writers of these intrusive programs continue to develop new variants that propagate on systems that do not have proactive protection against buffer overflows.

Proactive generic protection is becoming imperative.

Spyware/Adware Threats Become an Increasing Concern:
Today's adware is more often categorized as surveillance-driven spyware, programs that are dropped onto a user's system and installed without their knowledge.

In addition, spam that is encoded with exploit capabilities to install spyware has become an increasing issue among consumers. On average, at least 13 adware components can be found on every machine.

Consumers are more affected by spyware/adware threats and less by email-borne threats because most consumers use Internet Service Providers that proactively scan and clean email viruses before being delivered to the consumer.

Phishing and Identity Theft is a Rising Concern:
Phishing became a major concern in 2004 and threatened both enterprise and consumer users worldwide and shows no signs of slowing down. Phishing is the distribution of email messages that have return addresses, links and graphic art that make the emails appear to be from a legitimate source that actually involves an effort to obtain private financial information such as passwords and Personal Information Numbers (PINs).

As reported by the Anti-Phishing Working Group, an industry association that McAfee recently joined to help fight identity theft and fraud, 176 unique new phishing attacks were reported in January 2004.

By June 2004, that number had skyrocketed to a reported 1,422 unique phishing attacks and now stands at 1,518 for the latest reported month of November.AVERT RecommendationsIn an effort to address the above threats and malicious programs, McAfee AVERT recommends both McAfee enterprises and consumers constantly stay updated with the latest DATs, install the latest patches, employ current spam filters and implement a multi-layered approach to detecting and blocking attacks.

For more information and solutions that can help enterprises and consumers ensure constant security protection, please visit www.mcafee.com. McAfee AVERT Labs is one of the top-ranked anti-virus and vulnerability research organizations in the world, employing researchers in thirteen countries on five continents.

McAfee AVERT combines world-class malicious code and anti-virus research with intrusion prevention and vulnerability research expertise from the McAfee® IntruShield® and McAfee® Entercept® organizations, two research arms that were acquired through IntruVert Networks and Entercept Security.

McAfee AVERT protects customers by providing cures that are developed through the combined efforts of McAfee AVERT researchers and McAfee AVERT AutoImmune technology, which applies advanced heuristics, generic detection, and ActiveDAT technology to generate cures for previously undiscovered viruses.

About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, Calif., creates best-of-breed intrusion prevention and risk management solutions. McAfee's market-leading security products and services help large, medium and small businesses, government agencies, and consumers prevent intrusions on networks and protect computer systems from critical threats.

Additionally, through the Foundstone Professional Services division, leading security consultants provide security expertise and best practices for organizations.

For more information, McAfee, Inc. can be reached at 972-963-8000 or on the Internet at http://www.mcafee.com/.

NOTE: McAfee, AVERT, Entercept and IntruShield are either registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.SOURCE McAfee, Inc.