Confidential Info Exposure, Phishing Rising: Report

Rises in threats to confidential information and in phishing attacks continued to dominate security concerns in the second half of 2004, while rises in spyware/adware and Windows-targeted malware attacks did not, according to a new Internet security report from Symantec Corp.

The company’s periodic Internet Security Threat Report, released March 20, said threats with the potential of exposing confidential information accounted for 54 percent of the top fifty samples of malicious code Symantec received between July 1 and December 31, 2004, up from 44 percent in the first half of the year and 36 percent in the second half of 2003.

"Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information," said vice president of Symantec’s Security Response and Managed Security Services.

Symantec thinks the 54 percent figure is due largely to a rising proliferation of Trojan horses, which represented 33 percent of the top fifty malicious code samples reported to the company in the reporting period.

Phishing—attempts to trick Netizens into giving up personal or confidential financial information through fake e-mails or Web pages made to resemble actual business sites and correspondence—rose in Symantec’s reported problems as well, with the company saying its Brightmail anti-spam and anti-fraud filters were catching and blocking an average of 33 million phishing attempts a week by December’s end, up from 9 million a week the previous July.

But spyware/adware programs made up five percent of the top fifty Symantec customer reports, the company said, a rise from four percent the previous six months, with Iefeats the most commonly reported adware program and Webhancer the most often reported spyware application.

Five of the top ten adware reports involved samples installed by way of Web browsers, the company continued, with nine of the top ten spyware reports involving programs bundled with other software.

And for companies whose systems were being monitored for spam, Symantec said, the growth in the second half of 2004 was 77 percent, involving a hike from 800 million spam messages a week in the first half to over 1.2 billion spam messages a week by December’s end. Spam also accounted for over sixty percent of all e-mail traffic Symantec monitored in the second half of the year.

The company also said Web applications remain popular targets for attack, “because they enjoy widespread deployment and can allow attackers to circumvent traditional perimeter security measures such as firewalls. They are a serious security concern because they may allow attackers access to confidential information without having to compromise individual servers.”

Symantec estimated that almost 48 percent of all vulnerabilities spotted between July and December were in Web applications, up from 39 percent in the previous six months. And Windows virus and worm variants rose 64 percent from July through December, with 7,360 new Windows virus and worm variants spotted and close to 17,500 such threats total.

Malicious code continued to be dominated by mass e-mailing worms in the second half of 2004, with eight of the top ten samples involving variants of previously reported worms like Netsky, Sober, Beagle, and MyDoom.

Perhaps not surprisingly, given the continuing prevalence of phishing attacks and a continuing rise in identity theft crime, Symantec said the financial services sector experienced the highest ratio of severe online attacks, sixteen severe events per ten thousand security events, according to the company’s analysis.

The time between a vulnerability’s disclosure and the release of associated exploit code, Symantec added, stayed at “(an) extremely short” 6.4 days. Vulnerabilities have begun affecting new alternative Internet browsers, with 21 vulnerabilities affecting Mozilla browsers detected and disclosed in the last six months of 2004, followed by thirteen affecting much-bedeviled Internet Explorer and six in Opera. But critics are often quick to point out that Mozilla and Opera tend to work faster on fixing those vulnerabilities than Microsoft.

Future and Emerging Trends:

-- The use of bots and bot networks for financial gain will likely increase, especially as the diverse means of acquiring new bots and developing bot networks become more prevalent.

-- Malicious code targeting mobile devices is expected to increase in number and severity. With many groups researching vulnerabilities in Bluetooth-enabled devices, the possibility of a worm or some other type of malicious code propagating by exploiting these vulnerabilities increases.

-- Symantec expects that client-side attacks using worms and viruses as propagation methods will become more common.

-- Attacks hidden in embedded content in audio and video images are expected to increase. This is worrisome because image files are ubiquitous, almost universally trusted, and an integral part of modern day computing.

-- Symantec expects security risks associated with adware and spyware will likely increase. Impending legislation to curb these risks is not expected to be an effective or sufficient deterrent on its own.