RealTime IT News

Malicious Code For Profit

Malicious code for profit tops the list of vulnerability threats in Symantec's latest report on Internet security. In the first six months of this year alone, attempts to expose confidential data represented 74 percent of the top 50 malicious code samples reported to the security firm.

The trend is likely to continue with Symantec reporting a dramatic increase in bot networks and custom bot code available for purchase or rent.

"Attackers are moving away from large, multipurpose attacks on network perimeters and toward smaller, more targeted attacks directed at Web and client-side applications," Arthur Wong, vice president of Symantec Security Response and Managed Security Services, said in a statement.

Symantec observed an average of 10,352 active bot network computers per day, an increase of more than 140 percent from the previous reporting period's 4,348 bot computers.

As the financial rewards for hackers increase, Symantec predicts attackers will likely develop more sophisticated and stealthier malicious code that will be implemented in bot features and bot networks. Some of the codes may attempt to disable anti-virus software, firewalls and other security measures.

Phishing, adware, spyware and spam also increased in the first half of the year.

According to Symantec, the volume of phishing messages grew from an average of 2.99 million messages a day in the second half of 2004 to 5.7 million per day in the first half of 2005.

From January to June, one out of every 125 e-mail messages scanned by Symantec's anti-spam filters was a phishing attempt, an increase of 100 percent from the July-December 2004 reporting period.

Symantec also observed that spam made up 61 percent of all e-mail traffic in the most recent reporting period. Despite the CAN-SPAM law, Symantec reports that 51 percent of all spam received worldwide originated in the United States.

Of the top 10 adware programs reported, five hijacked browsers. Six of the top 10 spyware programs were bundled with other programs and six were installed through Web browsers.

In a new trend, Symantec says modular malicious code -- code that has limited functionality initially but then downloads additional functionality once a system has been infected -- is also increasing.