Net threats on upward curve


31 Mar 2005

Symantec’s latest Internet Security Threat Report has charted a continuing rise in internet dangers that could potentially expose confidential information, as well as a rise in phishing attacks that steal personal financial details.

One of the world’s largest security software companies, Symantec issues its report twice a year; it tracks trends in internet attacks and analyses vulnerabilities, malicious code activity and other security risks. The latest study covered the period from 1 July to 31 December 2004.

Malicious code that has been created to expose confidential information accounted for 54pc of the top 50 malicious code samples received by Symantec, up from 44pc in the first half of the year and 36pc in the second half of 2003. According to Symantec, this is partially due to the proliferation of Trojan horse programs.

Phishing attacks increased steadily, the report found. The incidence of emails attempting to trick recipients into revealing their banking passwords or credit card details rose by 366pc between July and December of last year.

For the second half of last year, Symantec documented more than 7,360 new Windows 32 virus and worm variants, a rise of 64pc on the first six months of 2004. This situation puts organisations under more pressure than ever to keep their antivirus systems up to date, the company said.

The report also highlighted a huge increase in new vulnerabilities – flaws in software that could be exploited by malicious third parties. Between last July and December, Symantec documented more than 1,403 new vulnerabilities: more than 54 new vulnerabilities per week. Some 97pc of these were classified as moderately or highly severe; in other words, if the vulnerability was exploited successfully, the targeted computer could be partially or totally compromised.

Almost three quarters of these vulnerabilities are considered easy to exploit, so that attackers would not need to write their own code to take advantage of the flaw. Many of these documented vulnerabilities can also be exploited remotely, further increasing the number of possible attackers.

Symantec also recorded the time between the discovery of a vulnerability and the release of malicious code to exploit it. Some security firms have in the past been accused of hyping the risk by referring to zero-day threats, but the threat report found that this window of time currently stands at 6.4 days.

From its analysis of attack trends, Symantec said that organisations received 13.6 attacks per day, up from 10.6 in the previous six months. The US continues to be the top attack source country, followed by China and Germany. The financial services sector experienced the highest ratio of severe attacks, with 16 severe events per 10,000 security events.

Continuing a pattern from previous reports, mass-mailing worms dominated the top malicious code reported in the last six months of 2004. Eight of the top 10 samples reported to Symantec during this period were variants of mass-mailer worms seen in previous reports, including Netsky, Sober, Beagle, and MyDoom.

The top 10 also contained two bots, compared to just one in the previous reporting period. Bots are hidden programs that are used to control compromised PCs remotely. When part of a larger network or botnet, they can be used for malicious purposes such as launching a distributed denial of service attack against a website. Many security experts believe bots will be a greater security threat over the coming year. Symantec reported 4,300 new distinct variants of Spybot, an increase of 180pc over the previous six months. The company also predicted that use of bots for financial gain is likely to rise.

Other expected future trends involve attacks hidden in embedded content in audio and video images. According to Symantec, “this is worrisome because image files are ubiquitous, almost universally trusted, and an integral part of modern day computing”.

The security firm has also forecast an increase in the number and severity of malicious code targeting mobile devices. “With many groups researching vulnerabilities in Bluetooth-enabled devices, the possibility of a worm or some other type of malicious code propagating by exploiting these vulnerabilities increases,” the report said.

By Gordon Smith