Symantec report highlights shift in the nature of online criminal activity
SAN FRANCISCO - A new Internet Security Threat Report released by Symantec Corp on Monday says that the level of online criminal activity hit new highs in the first half of the current year. The report says that the main reason behind this surge in online crimes is the fact that almost every major software supports exploitable flaws.
The report which covers the first half of the year from January 1,2005 to June 30,2005 is the eighth volume of the Internet Security Threat released by Symantec. The report says that out of the top 50 malicious code samples reported to it in the first six months of the year, 74 percent had the potential to expose confidential information as compared with the 54 percent in the previous six months. Arthur Wong, vice president of Symantec's Security Response and Managed Security Services said that attackers are targeting smaller web and client-side applications mainly for financial gain. "As financial rewards increase, attackers will likely develop more sophisticated and stealthier malicious code that will attempt to disable antivirus, firewalls, and other security concerns," the report stated.
Microsoft Windows users were particularly vulnerable as the number of viruses targeting them surged by 48 percent to 11,000. This was mainly possible due to the increasing sophistication among the hackers as well as an increase in the number of bot-infected computers. These computers, mainly home PCs, are ones that are being used against the owners' wishes to spread viruses and distribute spam. Symantec said that it had detected 10,352 active bot network computers per day, up from the 4,348 in the previous six months. This is a massive jump of 140 percent.
The report also focused on the browsers and said that contrary to popular belief, Mozilla's Firefox is more vulnerable than Microsoft's Internet Explorer. Symantec found 25 vendor-confirmed vulnerabilities in Firefox in the first half of the year and rated 18 as highly severe, "During the same period, 13 vendor-confirmed vulnerabilities were disclosed for IE, eight of which were high severity," the report asserted. Symantec said that the increasing proliferation of the VoIP would also be targeted in the near future, "Voice over Internet protocol (VoIP) threats are expected to emerge as more enterprises merge their data and voice networks," the report said. The Cupertino, Calif.-based Symantec Corp also noted an increase in "denial-of-service" attacks, which rose from 119 to 927 per day.
|
