Malicious web activity grows at record pace

Friday, 03 July, 2009


Malicious code activity continued to grow at a record pace throughout 2008, primarily targeting confidential information of computer users, says Symantec.

According to the company’s Internet Security Threat Report Volume XIV, Symantec created more than 1.6 million new malicious code signatures in 2008. This equates to more than 60% of the total malicious code signatures ever created by Symantec — a response to the rapidly increasing volume and proliferation of new malicious code threats.

These signatures helped the company block an average of more than 245 million attempted malicious code attacks across the globe each month during 2008.

The report is derived from data collected by millions of internet sensors, first-hand research and active monitoring of hacker communications, and provides a global view of the state of internet security.

The report noted that web surfing remained the primary source of new infections in 2008 and that attackers are relying more and more on customised malicious code toolkits to develop and distribute their threats.

Furthermore, 90% of all threats detected during the study period attempt to steal confidential information.

Threats with a keystroke-logging capability — which can be used to steal information such as online bank account credentials — made up 76% of threats to confidential information, up from 72% in 2007.

Using data from its recent Report on the Underground Economy, the company found that there continues to be a well-organised underground economy specialising in the sale of stolen confidential data, particularly credit card and bank account credentials.

This economy is thriving; whereas prices for goods in the legitimate market have fallen, prices for goods in the underground economy have remained consistent from 2007 through 2008.

The report also points to the increased resilience of malware authors against attempts to halt their activities.

As an example, the shutdown of two US-based botnet hosting outfits contributed to a significant decrease in active botnet activity during September and November 2008. However, botnet operators found alternate hosting websites and botnet infections quickly rose to their pre-shutdown levels.

Web application platforms were common sources of vulnerabilities during the evaluation period. These pre-built software products are designed to simplify the deployment of new websites and are in widespread use around the internet.

Many of these platforms were not designed with security in mind and consequently harbour numerous flaws leaving them potentially vulnerable to attack.

Of all the vulnerabilities identified in 2008, 63% affected web applications, up from 59% in 2007. Of the 12,885 site-specific cross-site scripting vulnerabilities reported in 2008, only 3% (394) had been fixed at the time the report was written.

The report also found that web-based attacks originated from countries around the globe, with the most originating from the US (38%), followed by China (13%) and the Ukraine (12%).

Six of the top 10 countries where web-based attacks were prominent were from the Europe and Middle East Africa (EMEA) region — these countries accounted for 45% of the worldwide total, more than any other region.

The report found that phishing continued to grow. In 2008, 55,389 phishing website hosts were detected, an increase of 66% over 2007, when the company detected 33,428 phishing hosts. Financial services accounted for 76% of phishing lures in 2008 compared to 52% in 2007.

Finally, the report found that the volume of spam continued to grow. Over the past year, there was a 192% increase in spam detected across the internet as a whole, from 119.6 billion messages in 2007 to 349.6 billion in 2008. In 2008, bot networks were responsible for distributing about 90% of all spam email.

The report also found:

  • By the end of 2008, there were more than a million individual computers infected by the worm Downadup (also known as Conficker). This worm was able to spread rapidly across the internet due to a number of advanced propagation mechanisms. The number of Downadup/Conficker infections worldwide grew to more than 3 million infected systems during the first quarter of 2009;
  • In 2008, the growth of malicious code activity was greatest in Europe, Middle East and Africa region;
  • In 2008, there was an average of more than 75, 000 active bot-infected computers each day, a 31% increase from 2007.
Related Articles

Australia's largest electronics expo returns to Sydney

Electronex, the annual electronics design and assembly expo, will return to Sydney on 19–20...

The fundamentals of Australian RCM compliance

The following information aims to help readers understand the Australian compliance requirements...

Largest ever Electronex Expo in Melbourne

The Electronics Design and Assembly Expo will return to Melbourne from 10–11 May at the...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd