Virus and other computer attacks may be graduating from seeking notoriety or just geeks wanting to have mad fun to seeking profit. Internet commerce became the number one target of malware writers and disseminators in the first six months of the year, according to a bi-annual study released by the makers of Norton Anti-Virus.
Nearly 16 percent of malware attacks between January 1 and June 30 targeted e-commerce, which Symantec Corp. said equaled a 400 percent rise from the previous six months, in which four percent of malware attacks went after e-commerce. This, Symantec suggested, indicated a shift from geeks’ mad fun to profitseeking, amplified by a corresponding rise in phishing and in the spread of spyware aimed at stealing confidential information to pass on to malware writers.
"[E]xploits are being created more easily and faster than ever, while attackers are launching more sophisticated attacks for financial gain," said Symantec vice president for security response and managed security Arthur Wong, as the company published its twice-yearly Internet Security Threat Report. "Software vulnerabilities and targeted attacks remain a primary area of concern for organizations and individuals.”
Also becoming more popular are attacks against Web application technologies “because of their widespread deployment within organizations and the relative ease with which they can be exploited,” Symantec said. All the attackers have to do here is get into one end user’s computer, making an end-run around “traditional perimeter security measures.”
Symantec said almost 82 percent of known Web application vulnerabilities were deemed easy to exploit in the first six months of the year, with the time between finding and announcing a vulnerability and exploiting it averaging a mere 5.8 days. Symantec monitoring found an average of 48 new vulnerabilities a week in the first half of the year and over 1,237 in all, forcing organizations to deal with over seven new vulnerabilities a day.
And a rise in so-called bot networks – programs put into computers covertly, letting hackers control them from remote locations for anything from conducting spam to launching massive denial-of-service attacks, without the computer owners’ knowledge – has produced over 30,000 average monitored bots a day in the first half of this year, up from under 2,000 a day in the previous six months. The highest first-half peak was 75,000, Symantec said.
Symantec half-year analysis showed the Slammer worm to be the most common stack, responsible for 15 percent of attacking Internet protocol addresses launching attacks related to that worm, with Gaobot and its variants the second most common. But the good news is that the daily attack volume is falling because Net based worm attacks actually shrunk overall in the first half of the year, even if e-commerce took the majority of the attacks that did occur with small business the second most.
The U.S. was deemed the top attack source country at 37 percent, but that fell from 58 percent over the second half of 2003, Symantec said, with other countries rising accordingly enough to suggest malware attacking has become more international.
The Internet Security Threat Report relies on Symantec DeepSight Threat Management System data and 20,000 security devices in over 180 countries, as well as data gathered by experts in the company’s five security operations centers and nine response laboratories worldwide. They also gather malicious code for analysis from over 120 million product customers.
