Partly as a public service and partly as a marketing technique, antivirus vendor Sophos (http://www.sophos.com) publishes an update on the state of computer security every six months or so. The latest report just came out (July 2006) and it highlights an ever-increasing array of security threats that affect business and home users.
Among other problems, Sophos has documented the increased use of subtle social attacks that encourage users to perform dangerous behaviors such as clicking on attachments. While these attacks used to entice victims with the possibility of seeing Brittany Spears or some other celebrity "lightly clad," new enticements to click on evil attachments include political scandals, crime descriptions, and other newsworthy headlines. These threats are considered social attacks because they prey on natural human curiosity (or other common motivations) as a method of encouraging users to take inappropriate actions.
As always, the best protection against social attacks is to use training and awareness programs to educate users about the prevalence and nature of these threats. On the face of things training always appears expensive as an upfront preventative investment, but a careful analysis of the lost productivity and IT staff time involved in recovering from a malware attack shows that the investment in training generally pays off handsomely.
One additional important point is that more and more of these malware attacks work by installing so called "trojan horses" which allow a remote attacker to take partial or complete control of a compromised computer system. These trojan horses can lead to the destruction or dissemination of sensitive and important data. In turn, these losses can have powerful negative impacts on the reputation and success of a business.
The Sophos report is quite brief and easy to read. here is a link:
http://www.sophos.com/sophos/docs/eng/papers/sophos-security-report-jun06-srus.pdf