Report: Home Users Blind To Hackers

Forget about worms and headline-grabbing mass attacks. Hackers are
getting personal by targeting your home computer and online finances.

According to a new status report from security vendor Symantec , home users are the target of 86 percent of attacks. Financial services ranked second, the target of 84 percent of phishing attempts in the first half of 2006.

“Attackers see end users as the weakest link in the security chain
and are constantly targeting them in an effort to profit,” Arthur
Wong, senior vice president of Symantec Security Response and Managed
Services, said in a statement.

“Education doesn’t make a difference,” Alfred Huger, senior director
of Symantec Security Response, told Despite
headlines and information campaigns, consumers remain vulnerable,
said Huger.

If home users are the most common target of attackers, Web browsers
are the most common vehicle, according to Symantec.

Nearly two-thirds, or 69 percent, of hackers used vulnerabilities found in

In a surprising finding, Mozilla-based browsers led the list with 47 vulnerabilities, compared to 17 in the last report.

Vulnerabilities in Apple’s Safari doubled from six to 12. IE vulnerabilities rose to 38 from 25.

This combination of the insecure user and unsafe Web browser could result
in a “profound impact” on online commerce, warned Huger.

As more consumers lose confidence in their browsers, there is a growth in
effort to ensure transactional security, he added.

Symantec said 2,249 holes were discovered in the first half of 2006, the highest number of vulnerabilities ever reported.

While representing an 18 percent increase, the security vendor said
exposure to those vulnerabilities shrank, which is a sign of improving
Microsoft security, Huger said.

Microsoft tied with Red Hat at 13 days as the
quickest time to patch.

Apple took an average of 37 days, while 53 days
passed before HP issued a patch. Sun
took the longest to patch a problem: 89 days, according to Symantec.

E-mail users saw an 80 percent increase in phishing attempts, which dupe users into disclosing personal or financial information.

Spam, already more than half of e-mail traffic, rose just a modest
4 percent to 54 percent, Symantec said.

The company also pointed to a resurgence in polymorphic attacks, designed to change signature and shape to avoid filters.

The company also said the PatchGuard application, part of Microsoft’s
upcoming Vista operating system, could be a security concern.

Symantec opposes Microsoft’s inclusion of security features in Vista, because it believes it locks out other security vendors.

Although the U.S. continues to lead with 54 percent of Denial of Service (DoS) attacks, 20 percent of the world’s infected computers are in China, according to Symantec.

The Symantec Internet Security Threat Report covers Jan. 1 through June 30 and includes data from 40,000 sensors in over 180 countries.

News Around the Web