April 13, 2009 10:23 PM PDT

Symantec: Security holes, malware spike in 2008

by Elinor Mills

If you worry that the Internet is a scary place full of digital pickpockets and online identity thieves, your fears will be bolstered by the latest Symantec Internet Security Threat Report released Tuesday.

The report finds huge increases in the number of security holes in software and the number of Internet threats, particularly attacks in which browsers are hijacked and forced to download malicious programs as people surf the Web.

Even visiting trusted Web sites isn't always safe. Most Web-based attacks target visitors to legitimate Web sites that have been compromised and that either serve up malicious content to the visitor or embed a malicious and invisible iframe on the page that surreptitiously redirects the user's browser to another Web server under an attacker's control, according to the report.

Attacks are traded in underground channels, with people buying and selling software that automates attacks or even entire botnets of infected computers that serve as spam armies, the report says. Stolen data is then marketed and offered up with price lists and guarantees. Oddly, the price of stolen data remained the same in 2008 despite the fact that the economy took a nose dive, said Zulfikar Ramzan, a technical director at Symantec Security Response.

The top Web-based attack in 2008 exploited the Microsoft IE ADODB.Stream Object File Installation Weakness vulnerability, while the top attacked vulnerability was the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability, according to the report.

Symantec detected nearly 1.66 million malicious code threats, which represent 60 percent of the 2.6 million total malware threats Symantec has detected since it has been tracking this. The number of new malicious code signatures grew by 265 percent from 2007.

(Credit: Symantec)

Here are other highlights for 2008 from Symantec's report:

Conficker
Infections of Conficker, also known as Downadup, have been particularly strong in Asia Pacific and Latin America, areas with some of the highest rates of software piracy. Pirated versions of software cannot be automatically updated to receive security patches. The worm, which has infected millions of Windows-based PCs that are not patched, is now communicating with other infected machines via peer-to-peer, dropping a mystery payload and installing malware that masquerades as anti-virus software.

Identity fraud
Nearly 80 percent of confidential information threats exposed user data and 76 percent used keystroke-logging to steal data like banking account credentials. Seventy-six of the phishing attacks attempted to lure victims to specific financial sector brands and one group--the Russian Business Network--is believed to be responsible for about half of the phishing incidents that occurred worldwide last year.

Twelve percent of all data breaches exposed credit card information, which is the most popular item for sale in the underground economy. Credit card data can range in price from 6 cents to $30, while bank account credentials range from $10 to $1,000 and e-mail accounts from 10 cents to $100. Most of the stolen credit card data for sale is from the U.S.

Most data breaches that could lead to identity fraud were in the education sector, while the financial sector was the top industry for identities exposed. Theft or loss of equipment accounted for nearly half of data breaches that could lead to identity fraud and for 66 percent of identities exposed.

Spam
The most common type of spam detected was related to Internet- or computer-related goods and services. Spam volumes rose nearly 200 percent in 2008 to nearly 350 billion messages. Botnets were responsible for distributing about 90 percent of all spam e-mail.

Malware spikes
Symantec detected nearly 1.66 million malicious code threats, which represent 60 percent of the 2.6 million total malware threats Symantec has detected since it has been tracking this. The number of new malicious code signatures grew by 265 percent from 2007. Trojans make up nearly 70 percent of the volume of the top 50 malicious code samples.

Vulnerabilities up
Symantec documented nearly 5,500 vulnerabilities in 2008, up nearly 20 percent over 2007, and 80 percent of documented vulnerabilities were classified as easily exploitable.

Safari had the longest window of exposure between when the exploit code was released for a vulnerability and when a vendor released a patch, with a nine-day average, while Mozilla had the shortest, with an average of less than one day. Mozilla browsers were affected by 99 new vulnerabilities in 2008, followed by 47 in IE, 40 in Safari, 35 in Opera and 11 in Google Chrome. There were 424 browser plug-in vulnerabilities and ActiveX accounted for most of those.

Geographies
Most attacks originated in the U.S. and the U.S. was the country most frequently targeted by denial-of-service attacks. China had the most bot-infected computers and Buenos Aires was the city with the most bot-infected computers.

Critical infrastructure
Telecommunications was the top critical infrastructure sector for malicious activity, accounting for 97 percent of the total, and the most common type of attack was denial-of-service. The top country of origin for attacks targeting the government sector in the U.S. was China. Symantec documented 6 public SCADA vulnerabilities in 2008.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by seven7dust April 13, 2009 10:32 PM PDT
Safest way on the internet: get a Mac and use Opera!
by monkeyfun14 April 14, 2009 12:05 AM PDT
Linux and Konqueror
by aMUSICsite April 14, 2009 3:38 AM PDT
Don't protect you from spam, scams and malware.

I can't understand how ISP's & Governments seem to willing (even if reluctantly) to put in place firewalls or threaten to cut people off for illegal file sharing or copyright protection. Would not these efforts be better put to stopping spam, virus and malware?

If the governments around the world told ISP's to cut off internet access to anyone detected with the Conficker infection until they had fixed the problem, I would bet the bot would be dead within a few weeks. Especially if rather than cut them off all their internet traffic was re-directed to a fix for their machines and told to download and run this to get back on the internet.
by Random_Walk April 14, 2009 7:20 AM PDT
Mac, Linux... both are good ways to get around online and protect yourself from most threats without a second thought.

Even replacing IE use with Firefox goes a long way.

@aMUSICsite: almost true. Spam is spam... but there are built-in tools for that on all platforms (even at the client - see also Thunderbird) and ISPs usually take on the burden of filtering them. Malware on the other hand requires a bit more cooperation from a Mac or Linux user than it does on Windows.

Scams? You're on your own, as usual. If some half-literate dude tells you that you won a zillion bucks and you're dumb enough to fall for it, well...

The last idea of yours I really like, and advocate for it on occasion myself.
by Angmarr April 14, 2009 12:08 AM PDT
Just get the Free Avast Anti Virus, or AVG or something AND save a Buck and you can have fun too like play "real games"!

Firefox ftw
by Angmarr April 14, 2009 12:10 AM PDT
so people know IE sucks, maybe people will finally see that Safari Sucks too ... hope
by ElementalMac April 14, 2009 1:39 AM PDT
How does having fewer exploits than IE and Firefox make Safari suck? People Firefox had the most exploits!! Just because they are fast at fixing them, doesn't excuse that they had double the number IE had, and three times as many Safari....!!!!
by Angmarr April 14, 2009 8:07 AM PDT
Safari had the longest window of exposure between when the exploit code was released for a vulnerability and when a vendor released a patch
by ballmerisanape April 14, 2009 4:22 AM PDT
Windows Tax.
by 42istheanswer April 14, 2009 6:32 AM PDT
It's the user. Not always the software. I've been using computers since the 70's. All flavors and types. Not once have I gotten bit by malware. I've seen every type of user and OS get affected by some type of malware/phishing. Without fail, it's the user that is the direct result of any infection. OK, so I'll come right out and say it; infected computers are caused by really really stupid users.
by The_happy_switcher April 14, 2009 8:13 AM PDT
It's a good thing that Symantec (aka, the pimp) has such a virus infested prostitute (aka Microsoft) to keep it fully employed for years to come.
by Angmarr April 14, 2009 12:18 PM PDT
better than being the prostitute (mac fanboys) of the Pimp (apple).
by gertruded April 14, 2009 8:22 AM PDT
It just amazes me that after all these years of hundreds of thousands of viruses and worms for Windows that anyone would still use it on the internet.
by The_happy_switcher April 14, 2009 9:28 AM PDT
Symantec are kind of like the guy who throws a brick through your window with a note attached that says: "broken window? call XXX-XXXX for repair"
by Inconnux April 14, 2009 11:59 AM PDT
#1 way to stop the malware is to use Firefox and stop using IE. This is what happens when you integrate the browser at such a deep level in the OS.
by gggg sssss April 14, 2009 6:54 PM PDT
In my small world of several hundred PCs running SAV corporate, I am seeing an infection a week getting uncaught, even upon a manual scan. Pretty poor AV if you ask me. Only problem is that the others are not any better. They just miss different ones than SAV.
by Triumfant April 15, 2009 8:02 AM PDT
What is clear from this report is that reliance on signature based tools is no longer a sustainable proposition. According to the 2008 rates of growth in this report, new signatures have to be written at a pace of 1 every 20 seconds. Organizations must begin to seriously look at alternatives to signature based tools for detection and remediation of malicious code.

Jim Ivers
www.triumfant.com
by homey4u April 16, 2009 11:58 PM PDT
Thanks cnet for all this valuable information!