Symantec Internet Security Threat report identifies shift toward focused attacks on desktops to expose confidential data

The semiannual report, covering the six-month period from January 1 to June 30, 2005, identified new methods of using malicious code for financial gain with increasing frequency to target desktops rather than enterprise perimeters.

The report also found a rise in the exposure of confidential information. Such threats can result in significant financial loss, particularly if credit card information or banking details are exposed. Moreover, these concerns are more worrisome as online shopping and Internet banking continue to increase in popularity, especially in the Middle East where this marketplace has grown exponentially in the past three years. During the first half of 2005, malicious code that exposed confidential information represented 74 percent of the top 50 malicious code samples reported to Symantec, up from 54 percent in the previous six months.

Kevin Isaac, regional director Symantec Middle East North Africa, commented, "Previous reports have shown countries from around the region registering a large number of threat alerts per Internet capita head. Now we see 44% of attacks on EMEA sensors originating from the UK. The significant finding from this report is a move away from threats issued on a wider scale, towards targeted threats on specific computers for the purposes of theft of financial data. Regional users need to ensure that they are taking the right precautions when using the World Wide Web for shopping or banking, such as ensuring a site is secure before entering credit card details. Although our region may not be a source of threats, the Internet has no boundaries and everyone is equally at risk."

During the five-day GITEX exhibition, Symantec's regional team will be addressing with customers and partners some of the most critical security issues facing Middle East-based businesses, many of which were highlighted in the company's latest threat report. Symantec will utilize GITEX to unveil its approach to delivering information integrity to the region's businesses, and will demonstrate how end-users can reduce the cost and complexity around securing their data.

Further findings in the report show that bot networks and custom bot code were available for purchase or rent; Symantec observed an average of 10,352 active bot network computers per day, an increase of more than 140 percent from the previous reporting period's 4,348 bot computers. Seven out of ten of the top cities in EMEA with the highest percentage of bot-infected computers were in the UK - Symantec believes that this is due to the rapid expansion of broadband connectivity in that country, not balanced by awareness in the new users. As the financial rewards increase, attackers will likely develop more sophisticated and stealthier malicious code that will be implemented in bot features and bot networks, some of which could attempt to disable antivirus, firewalls, and other security measures.

Modular malicious code - malicious code that has limited functionality initially but then downloads additional functionality once a system has been infected - is also increasing. The shift toward modular malicious code is significant as it indicates that attackers may be attempting to avoid detection and attempting to compromise a system further by opening back doors on an infected system or visiting Web sites where further malicious code can be retrieved and placed on the target system.

The report also found that phishing attacks continue to proliferate. The volume of phishing messages grew from an average of 2.99 million messages a day to 5.70 million. One out of every 125 e-mail messages scanned by Symantec Brightmail AntiSpam was a phishing attempt, an increase of 100 percent from the last half of 2004. Symantec Brightmail AntiSpam antifraud filters were blocking more than 40 million phishing attempts per week on average, up from approximately 21 million per week at the beginning of January.

Additional key findings include the following:
Symantec observed that denial-of-service attacks grew from an average of 119 per day to 927 per day during the first half of 2005 - a 680 percent increase over the previous reporting period. The most frequently targeted industry was education, followed by small business and financial services.

The time between the disclosure of a vulnerability and the release of associated exploit code decreased from 6.4 days to 6.0 days. In addition, an average of 54 days elapsed between the appearance of a vulnerability and the release of an associated patch by the affected vendor. This means that, on average, 48 days elapsed between the release of an exploit and the release of an associated patch; during this time, systems are either vulnerable or administrators are forced to create their own workarounds to protect against exploitation.

During the first half of 2005, Symantec documented 1,862 new vulnerabilities - the highest number ever recorded in the Internet Security Threat Report. Ninety-seven percent of these vulnerabilities were classified as moderate or high in severity, and 59 percent of all vulnerabilities were found in Web application technologies, marking an increase of 59 percent over the previous reporting period and a 109 percent increase over the first six months of 2004.

A growing number of Win32 viruses and worm variants were also reported during the first half of 2005. Symantec documented 10,866 new Win32 virus and worm variants, an increase of 48 percent over the previous reporting period and 142 percent over the first half of 2004.

Adware, spyware, and spam continue to propogate, according to the report. Eight of the top 10 adware programs were installed through Web browsers. Of the top 10 adware programs reported, five hijacked browsers. Six of the top 10 spyware programs were bundled with other programs and six were installed through Web browsers. Symantec also observed that spam made up 61 percent of all e-mail traffic and that 51 percent of all spam received worldwide originated in the United States.

An analysis of future and emerging trends concluded that an increase in the number of attacks and threats directed at wireless networks is likely. In addition, Voice over Internet protocol (VoIP) threats are expected to emerge as more enterprises merge their data and voice networks.