Eight out of 10 CIOs think that using smartphones in the workplace increases the business’s vulnerability to attack, and rank data breaches as their top related security concern. Yet half of organizations fail to authenticate their employees’ mobile devices, among other basic security measures.

Those finding come from a report released Wednesday conducted by market researcher Ovum together with the European Association for e-Identity and Security (EEMA). The study found that the so-called consumerization of enterprise IT, meaning employees who bring ostensibly consumer devices to work, continues at full pace. According to the report, 48% of employees are allowed to use mobile devices that they own to connect to corporate systems. Meanwhile, 70% of employees can currently use corporate-owned computing devices for personal activities.

While malicious software for smartphones is on the increase, it could still be human error that creates the easiest opportunities for cyber-crime.

Ever since phones became “smart”, there has been concern that they could become riddled with malicious, self-replicating viruses and worms just like their less portable PC relatives.

So far however, the expected deluge has not happened. Cyber-criminals are not flooding smartphones with malware.

“The organisations or bad guys are looking for money,” says Tony Osborne of online security firm Symantec.

“I think as we see mobile phones used more as a method of purchasing or creating financial transactions, then we’re going to see far more attacks.”

Zeus, a virus that steals online banking details from infected computer users, is more powerful than ever, warns a web security company.
Trusteer says it has spotted the Trojan virus in one of every 3,000 of the 5.5m computers it monitors in the US and UK.
Zeus 1.6 can infect Windows machines using Firefox and Internet Explorer web browsers, the company claims.

The malware steals login information by recording keystrokes when the infected user is on a list of target websites.

These websites are usually banks and other financial institutions.

The user’s data is then sent to a remote server to be used and sold on by cyber-criminals.

“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30% of internet users bank online with Firefox and the infection is growing faster than we have ever seen before,” said Amit Klein, chief technology officer at Trusteer.

DIY virus

In March 2010, many parts of the command and control (C&C) system for the Zeus botnet were destroyed when the Kazakhstani ISP that was being used to administer it was cut off.

However, it does not take long for malware controllers to spring up elsewhere, and toolkits for assembling botnets are readily available on the black market.

“There are plenty of opportunities for people to purchase access to these systems through underground chat rooms,” said Dr JD Marsters, from the department of electronics and computer science at the University of Southampton.

“It’s a game of cat and mouse between anti-virus vendors and botnet developers.”

Computer users should ensure that their anti-virus software and operating systems are kept up to date, he advised.

http://news.bbc.co.uk/1/hi/technology/8634356.stm