This
was the company's eighth Internet Security Threat Report, covering
the six-month period from 1st January to 30th
June 2005. It identified new methods of using malicious code for
financial gain with increasing frequency to target desktops rather
than enterprise perimeters.
The report also found a rise in the exposure of confidential
information, which can result in significant financial loss,
particularly if credit card information or banking details are
exposed. During the first half of 2005, malicious code that exposed
confidential information represented 74% of the top 50 malicious
code samples reported to Symantec, up from 54% in the previous six
months.
"Attackers are moving away from large, multipurpose attacks on
network perimeters and toward smaller, more targeted attacks
directed at web and client-side applications," said Arthur Wong,
vice president of Symantec Security Response and Managed Security
Services. "As the threat landscape continues to change, users need
to be diligent in keeping systems up-to-date with security patches
and security solutions."
Additionally, bot networks and custom bot code were available
for purchase or rent. Symantec observed an average of 10,352 active
bot network computers per day, an increase of more than 140% from
the previous reporting period's 4,348 bot computers. As the
financial rewards increase, attackers will likely develop more
sophisticated and stealthier malicious code that will be
implemented in bot features and bot networks, some of which could
attempt to disable antivirus, firewalls, and other security
measures.
Modular malicious code – malicious code that
has limited functionality initially but then downloads additional
functionality once a system has been infected – is also increasing.
The shift toward modular malicious code is significant as it
indicates that attackers may be attempting to avoid detection and
attempting to compromise a system further by opening back doors on
an infected system or visiting web sites where further malicious
code can be retrieved and placed on the target system.
The report also found that phishing attacks continue to
proliferate. The volume of phishing messages grew from an average
of 2.99 million messages a day to 5.70 million. One out of every
125 e-mail messages scanned by Symantec's anti-spam software was a
phishing attempt, an increase of 100% from the last half of 2004.
Symantec's antifraud filters were blocking more than 40 million
phishing attempts per week on average, up from approximately 21
million per week at the beginning of January.
The Cupertino, California-based company also observed that
denial of service attacks grew from an average of
119 per day to 927 per day during the first half of 2005 – a 680%
increase over the previous reporting period. The most frequently
targeted industry was education, followed by small business and
financial services.
Adware, spyware, and spam continue to
propagate, according to the report. Eight of the top 10 adware
programs were installed through web browsers. Of the top 10 adware
programs reported, five hijacked browsers. Six of the top 10
spyware programs were bundled with other programs and six were
installed through web browsers. Symantec also observed that spam
made up 61% of all email traffic and that 51% of all spam received
worldwide originated in the US.
Symantec also expects an increase in the number of attacks and
threats directed at wireless networks. Voice over Internet protocol
(VoIP) threats are likely to emerge as more enterprises merge their
data and voice networks, it says.
OUT-LAW Phishing Conference
OUT-LAW is running a half-day conference on phishing in London
on 27th October 2005 for those in financial services,
other brand holders and anyone else with an interest. Speakers from
APACS, Cyota, Barclays Bank and OUT-LAW will explore the threats,
the laws and the possible solutions. See full Phishing Conference details.
