Symantec Corp. has released its ninth volume of its semiannual Internet Security Threat Report, covering the six-month period from July 1, 2005 to Dec. 31, 2005. The report marks an increase in threats designed to facilitate cybercrime. While past attacks were designed to destroy data, today’s attacks are increasingly designed to silently steal data for profit without doing noticeable damage that would alert a user to its presence. In the previous Internet Security Threat Report, Symantec cautioned that malicious code for profit was on the rise, and this trend continued during the second half of 2005. Malicious code threats that could reveal confidential information rose from 74 percent of the top 50 malicious code samples last period to 80 percent this period.
“Cybercrime represents today’s greatest threat to consumers’ digital lifestyle and to online businesses in general,” said Arthur Wong, vice president, Symantec Security Response and Managed Security Services. “The unparalleled insight this report provides into how cybercrime is happening and how it can be prevented enables Symantec to help protect the widest variety of customers in the world.”
The report also details the growing trend of attackers using bot networks, targeted attacks on Web applications and Web browsers, and modular malicious code. Based on this and data from previous reporting periods, Symantec expects to see more diverse and sophisticated threats used for cybercrime as well as an increase in the theft of confidential, financial, and personal information for financial gain.
Additional Key Findings
China experienced the largest increase of bot-infected computers, with 37 percent growth—24 percentage points above the average increase—putting China behind only the U.S. in this category. The increase is likely related to China’s rapid growth in broadband Internet connections. China also saw the largest overall increase in originating attacks; such attacks increased by 153 percent over the last period, marking 72 percentage points above the average increase. Bots may be an increasing source of this activity.
Phishing threats, which are attempts to deceive users into revealing confidential information, continued to increase during the last half of 2005 while focusing on smaller, regional targets. During the last half of 2005, 7.92 million daily phishing attempts were identified, an increase over the 5.70 million attempts per day in the previous reporting period. Symantec expects to see an increase in the number of phishing messages and malicious code distributed through instant messaging services in the future.
Symantec documented 1,895 new software vulnerabilities, the largest total recorded number of vulnerabilities since 1998. Of these, 97 percent were considered moderately or highly severe and 79 percent were considered easy to exploit.
To highlight the importance of applying operating system and application patches quickly, Symantec assessed the time it took for attackers to compromise newly installed operating systems in standard deployments such as Web servers and desktops. Of the servers, Windows 2000 Server with no patches had the shortest average time to compromise, while patched Windows 2003 Web Edition and both unpatched and patched RedHat Enterprise Linux 3 were not compromised in the testing period. Of the desktops, Microsoft Windows XP Professional with no patches had the shortest average time to compromise, while the same desktop system with all patches applied as well as SuSE Linux 9 Desktop were not compromised
With the increased volume of vulnerabilities discovered, Symantec also monitored the speed that organizations were able to patch vulnerable systems. During this reporting period, an average of 6.8 days elapsed between the announcement of a vulnerability and the release of associated exploit code, up from 6 days last period. An average of 49 days elapsed between the disclosure of a vulnerability and the release of a vendor-supplied patch. Consequently, enterprises and consumers may be susceptible to potential attack for 42 days, highlighting the need for users to patch systems or take other protective measures as soon as possible. Symantec expects that the commercialization of vulnerability research will increase, with a growth in black market forums and an increase in vulnerability information purchased for criminal pursuits.
Symantec documented a small increase in new Win32 virus and worm variants with 10,992 this period versus 10,866 last period. This trend is part of a noticeable decline in category 3 and 4 threats (moderate and extremely serious) and a corresponding increase in category 1 and 2 threats (low and very low). The number of new Win32 virus and worm families also decreased by 39 percent—from 170 new families in the first half of 2005 to 104 this period. This suggests that malicious code developers may be choosing to modify currently circulating source code rather than developing new threats from scratch.
print
save
email
comment
Copyright @ 2004 Software & Support Media
Powered By Media Teknologi Informasi Corp.
Privacy PolicyTerms of Use
