Symantec Corp. has released its newest Internet Security Threat Report. The seventh bi-annual report provides analysis and discussion of trends in Internet attacks, vulnerabilities, malicious code activity, and additional security risks covering the period of 1 July 2004 to 31 December 2004.
“Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information,” said Richard Batchelar, country manager, Symantec New Zealand. “By offering not only an unparalleled view of current Internet threat activity but also critical insights regarding future trends, Symantec’s Internet Security Threat Report serves as an invaluable tool for enabling businesses and individuals to safeguard the security and availability of their information assets no matter what.”
Over the past three reporting periods, threats with the potential to expose confidential information have continued to increase. Between 1 July and 31 December 2004, this type of program represented 54 percent of the top 50 malicious code samples received by Symantec, up from 44 percent in the first six months of the year and 36 percent in the second half of 2003. This is partially due to the proliferation of Trojan horses. Between July 1 and December 31, 2004, Trojans represented 33 percent of the top 50 malicious code reported to Symantec.
The report reveals that, as predicted in the previous editions, the number of phishing attacks is increasing. Phishing is a method to steal confidential information such as passwords, credit card numbers, and other financial information. By the end of December 2004, Symantec Brightmail AntiSpam antifraud filters were blocking an average of 33 million phishing attempts per week, up from an average of 9 million per week in July 2004. This represents an increase of over 366 percent. Symantec expects that phishing will continue to be a very serious concern over the next year.
Web applications are popular targets because they enjoy widespread deployment and can allow attackers to circumvent traditional perimeter security measures such as firewalls. They are a serious security concern because they may allow attackers access to confidential information without having to compromise individual servers. Nearly 48 percent of all vulnerabilities documented between July 1 and December 31, 2004 were Web application vulnerabilities, a significant increase from the 39 percent documented in the previous six-month period.
Symantec says that due to the widespread deployment of Microsoft Windows operating systems in enterprise and consumer environments, Windows 32 viruses and worms pose a serious threat to the security and integrity of the computing community. From 1 July to 31 December 2004, Symantec documented more than 7,360 new Windows 32 virus and worm variants. This represents an increase of 64 percent over the previous six-month period. As of 31 December 2004, the total number of documented Windows 32 threats and their variants was approaching 17,500. Because a failure to prevent, detect, or remove these threats could mean severe financial losses, the disclosure of confidential information, and the loss of data, organisations are challenged with updating their antivirus solutions more often than ever before which, in turn, puts more pressure on current resources.
In terms of vulnerabilities in the period covered by the report, Symantec documented more than 1,403 new vulnerabilities, which translates into more than 54 new vulnerabilities per week or almost eight new vulnerabilities per day. Of these, 97 percent were considered moderately or highly severe, which means that successful exploitation of the vulnerability could result in a partial or complete compromise of the targeted system. Furthermore, 70 percent were considered easy to exploit, which means that either no custom code is required to exploit the vulnerability or that such code is publicly available. Compounding this problem is that nearly 80 percent of all documented vulnerabilities in this reporting period are remotely exploitable, which likely increases the number of possible attackers.
For the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly known as the Slammer attack) was the most common attack, used by 22 percent of all attackers. The second most common attack was the TCP SYN Flood Denial of Service Attack, which was launched by 12 percent of attackers. Some organisations received 13.6 attacks per day, up from 10.6 in the previous six months. The United States continues to be the top attack source country, followed by China and Germany.
The time between the disclosure of a vulnerability and the release of associated exploit code remained extremely short at 6.4 days. Vulnerabilities are also affecting new alternative browser distributions. During the last six months of 2004, 21 vulnerabilities affecting Mozilla browsers were disclosed, compared to 13 vulnerabilities affecting Microsoft Internet Explorer. Six vulnerabilities were reported in Opera.
Symantec documented more than 7,360 new Windows 32 viruses and worms, an increase of 64 percent over the first half of the year and an increase of more than 332 percent over the 1,702 documented in the second half of 2003. As of Dec. 31, 2004, the total number of Windows 32 variants approached 17,500. At the end of the reporting period, there were 21 known samples of malicious code for mobile applications, up from one - the Cabir worm - in June 2004. Among the new threats were the Duts virus, the first threat to Windows CE; and the Mos Trojan, which was discovered in a Symbian game.
The report continues, showing that in the last six months of 2004, adware programs made up five percent of the top 50 Symantec customer reports, up from four percent in the previous report. Iefeats was the most commonly reported adware program, accounting for 36 percent of top 10 reports. Webhancer was the most frequently reported spyware program during the second half of 2004, representing 38 percent of the top 10 spyware reported. Five of the top 10 reported adware samples were installed via a Web browser. Nine of the top 10 reported spyware programs were bundled with other software.
Spam was also analysed, and the company reported a 77 percent growth in spam for companies whose systems were being monitored; the weekly totals of spam rose from an average of 800 million spam messages per week to well over 1.2 billion spam messages per week by the end of the reporting period. Moreover, spam made up more than 60 percent of all e-mail traffic observed by Symantec during this period.