Malware rate rises despite fewer flaws, Symantec finds

2 May 2012

Symantec's Security Operations Center

Security threats are shifting, as fewer new flaws emerge but malware numbers continue to rise – that’s according to the latest Internet Security Threat Report from Symantec.

The security vendor said it blocked more than 5.5bn malicious attacks last year – an 81pc increase over 2010. The number of unique malware variants was 403m and the number of web attacks blocked per day rose by 36pc.

Symantec released close to 15,000 signatures per day last year to thwart web threats, which is an increase of almost 50pc on 2010.

The report found spam levels fell considerably and the rate of new vulnerabilities discovered also fell, down by 20pc on the previous year. These statistics, compared to the continued growth in malware, paint an interesting picture.

Orla Cox, senior security operations manager for Symantec’s security response team, said part of the reason for the shift is that it’s becoming harder for criminals to exploit new flaws in web browsers.

The continued growth in malware is a result of easy-to-use attack toolkits which allow cyber-criminals take advantage of existing vulnerabilities. 

“The fact they’re using old vulnerabilities means organisations can protect themselves if they keep machines up to date,” Cox told “Most of the attacks we see are preventable by adopting good security practices.”

More daily targeted attacks

The number of daily targeted attacks rose from 77 per day to 82 per day by the end of 2011, according to the report. These types of attacks use social engineering and customised malware to gain unauthorised access to sensitive information, and traditionally focused on public sector and government. However, last year targeted attacks diversified, Symantec found.

As more people use mobile devices in addition to – or in place of – PCs, cyber-criminals are keeping up with the trend. Mobile vulnerabilities increased by 93pc in 2011, the report found. Last year was the first time mobile malware presented a tangible threat to businesses and consumers, Symantec said.

“Most of the threats we’ve seen have been to send premium SMS messages and gathering data from phones to launch further attacks later on,” said Cox.

The report also noted a rise in threats targeting Google’s Android operating system. Explaining the attraction of Android as opposed to Apple’s iOS, Cox said: “The open platform is the attraction for attackers. The closed model that Apple uses and the vetting of apps means the barriers of entry are too high. There aren’t enough jailbroken iPhones to make it worthwhile for attackers … It’s much easier for an attacker to target somebody on an Android phone.”

Whereas the early PC viruses started life as playthings for bored teenagers before the opportunity for financial gain became apparent, mobile malware seems to be more evolved and is being exploited to make money.

“There’s definitely a criminal element – they’ve leapfrogged the hobbyist that we saw on the PC,” said Cox.

Earlier this year, Symantec uncovered a botnet of hijacked mobiles in China which were being used to send text messages to premium-rate numbers costing the equivalent of US15c to US30c. Based on a fluctuating number of infected devices – typically ranging between 10,000 and 30,000 per day – a botmaster could earn anywhere between US$1,600 and US$9,000 on a daily basis.

By that calculation, the botmaster could be making anywhere between US$547,500 and US$3,285,000 in a year.

Gordon Smith was a contributor to Silicon Republic