May 30, 2012, 6:42 PM — By all accounts, the malware Flame is something. Maybe something huge. Maybe something old and not that interesting. Maybe another shot in the skirmish that's allegedly going on between Israel and Iran for years over limits on nuclear weapons.
One thing's for sure about Flame: it has generated a lot of page views.
Even when it's not any direct threat, malware is fascinating, for all kinds of reasons. The risk of getting bitten in the tuchus for doing something interesting hits all those guilt buttons. The potential for a problematic infection coming from users you've warned a hundred times not to open attachments to obvious spam is another.
The voyeuristic thrill of seeing someone else damaged by something you managed to avoid (through no fault of your own) is enough to back up traffic for even minor accidents.
The problem, at least with malware, is we don't know which threats are necessarily threats to us – a variable that sits very close to the center of any risk calculation.
After studying malware attacks on more than 700 companies worldwide, ThreatMetrix has boiled down the threat to the four most prevalent risks.
ThreatMetrix' short list – published in an article in BankInfoSecuirty – isn't specific enough to put any individual risk onto your To Counter list, but it will clarify the picture enough to know what categories deserve the most worry.
Tops on the list? Mobile anything, but primarily Android, the new favorite platform for malware writers for its popularity, lax security and clueless users.
No. 2 top malware threat:Social networks spread social malware. Trojans, specifically. The problem with social networks is that we trust people we're connected to on Twitter, LinkedIn or Facebook, according to ThreatMatrix. The problem with people we're connected to is that they're morons who allow their own accounts to be compromised or directly pass Trojans on to their own vulnerable, gullible friends. Bastards.
No. 4 top malware threat: BYOD. Convenient, useful and inescapable as it is, BYOD presents risks to the company by allowing employees who may stick to security policies in the office to bring in devices that live in the place where they wallow in Trojans, malware and spam. Welcome to my messy inner sanctum, formerly secure employer. Have you met my "banker" Dmitri?