The Times They Are A-Changin'

By Lisa Vaas  |  Posted 2007-03-19

Malicious activity on the Internet has obviously changed considerably since the Slammer worm, Cole said. "[Slammer] pretty much crashed through the Internet and knocked things over," he said. "Guys were pounding their chests and slapping their buddies' hands when they wreaked havoc. Nowadays, they'd rather drive across town in a Ferrari with their pals and their ill-gotten goods."

Malicious code sniffing out confidential information such as credit card numbers increased from 48 percent of Symantec's Top 50 malicious code reports in the first half of 2006 to 66 percent in the second half. Threats that log keystrokes and export sensitive user and system data increased, with keystroke loggers now making up 79 percent of threats to confidential information.
This report is the first in which Symantec assessed data breaches that exposed information that could result in identity theft. The company found that during this time period, the government sector accounted for most of the data breaches that could lead to identity theft, with 25 percent of the total.
The preferred way for companies to lose our data was theft or loss of a computer or other data storage/transmittal medium, such as a USB key or a backup disk. Fifty-four percent of all identity theft-related data breaches in the second half of 2006 were made up of such losses. The second most common cause of data breaches that could lead to identity theft was insecure policy, which accounted for 28 percent of incidents.

Zombies thrived in this time period, as well. Symantec detected 11 percent more active bot-infected computers than the period before, with an average of 63,912 spotted daily. The worldwide total of distinct bot-infected systems rose to about 6,049,594—a 29 percent increase. The number of command-and-control servers decreased by 25 percent to 4,746. Symantec theorizes that this is due to network owners consolidating and expanding their networks.

Zero-day vulnerabilities also rose during this period. Trojans taking advantage of zero-day vulnerabilities numbered 12—a significant increase over the first half of the year and the second half of 2005, when only one zero-day vulnerability was documented for each reporting period. Most of the zero-days in late 2006 were client-side vulnerabilities affecting Office applications, Internet Explorer and ActiveX controls. Symantec noted in a release that attackers are "increasingly using zero-day vulnerabilities as the first step in establishing coordinated networks of malicious activity."

Trojans increased significantly in late 2006 as well. They made up 45 percent of the volume of malicious code reports, compared with 23 percent in early 2006. While Trojans made up 45 percent of malicious code reports, they made up 60 percent of attempted infections.

"Symantec has observed high levels of coordinated activity between threats, including spam and phishing," Symantec said in its release. "Often, Trojans are used to install spam zombies or phishing Web sites on compromised computers in order to facilitate fraud or other criminal activities."

In late 2006, spam made up 59 percent of all monitored e-mail traffic, Symantec found—an increase over early 2006, when 54 percent of e-mail was classified as spam. Symantec found that the rise in spam was primarily due to pump and dump stock scams. The company found that the top detected spam category, at 30 percent, was related to financial products and services.

Unique phishing messages in late 2006 increased, with 166,248 unique messages, or an average of 904 unique phishing messages per day. Phishing attacks primarily used financial services as bait, with that topic accounting for 84 percent of unique brands used in phishing attacks. Financial services also made up 64 percent of phishing Web sites. Forty-six percent of all known phishing sites were found in the U.S.

Here's what Symantec forecasts for future threats:
  • More Vista threats will appear, with vulnerabilities, malicious code and attacks focused against Vista's Teredo platform, which is a bridge protocol between IPv4 and IPv6.
  • Attackers will focus on third-party applications that run on Vista.
  • New phishing economies will develop in which phishers expand their targets to include new industry sectors, such as massively multiplayer online games.
  • Phishers will develop new techniques, such as ready-made phishing kits, to evade antiphishing solutions such as block lists.
  • Spam and phishing will increasingly target SMS and MMS on mobile platforms.
  • New attacks will be developed to hit virtual environments as a way of compromising host systems.

    Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
