You can no longer trust Office or QuickTime files that arrive in e-mail, even from organizations and people you deal with regularly.

For that matter, any file from a popular software application, sent by e-mail or accessible at a website, is no longer trustworthy. Why? Data thieves are increasingly using them as snares in attacks that focus on patrons of companies and agencies that collect sensitive data, or zero in on specific individuals within certain organizations.

Targeted attacks often escape detection. But click on the wrong thing, and “You could be opening up a door that allows the hacker to do some really bad damage,” says Alan Paller, research director at The SANS Institute, a tech security think tank.

One indicator this trend is on the rise: Microsoft last week issued security patches for a dozen critical vulnerabilities in its Office suite of programs. Since 2006, more than 260 security holes have been discovered in widely used programs from Microsoft, Adobe, Apple and RealNetworks, according to security firm Secunia. Prior to 2006, there were only a handful.

The driver: powerful “fuzzing” tools that continuously try endless strings of computer code, searching for an open path to the computer hard drive.

More at http://www.usatoday.com/tech/news/computersecurity/2008-03-18-hacker-attacks_N.htm?csp=34

Tags: hacker attacks, security patches, security-holes