CUPERTINO, Calif. – Sept. 22, 2004 - Symantec Corp. (Nasdaq: SYMC), the global leader in information security, today announced that it will host a Webcast highlighting findings of its most recent Internet Security Threat Report. The sixth bi-annual report is one of the most comprehensive sources of Internet threat data in the world. The Webcast will be held on Thursday, September 23 at 8 a.m. PDT. Attendees can register at http://enterprisesecurity.symantec.com/content/webcastinfo.cfm?webcastid=127.

The findings of Symantec’s Internet Security Threat Report, issued on September 20, are based on data from Symantec DeepSight Threat Management System and Symantec Managed Security Services customers as well as from 20,000 security devices deployed in more than 180 countries. In addition, the report leverages threat data gathered by experts in Symantec’s five Security Operations Centers and nine Response Labs throughout the world. Symantec also gathers malicious code from more than 120 million client, server, and gateway systems that have deployed Symantec’s antivirus products in both consumer and corporate environments. The latest report covers trends in Internet attacks, vulnerabilities, and malicious code activity for the period of Jan. 1, 2004 to June 30, 2004.

Dean Turner, manager, Symantec Security Response and executive editor of the Symantec Internet Security Threat Report, will lead the Webcast. His discussion will help Webcast attendees to gain a deeper understanding of the state of overall Internet threats, and what these threats mean to their organizations. Additionally, Turner will discuss future and emerging trends in Internet security.

“The Symantec Internet Security Threat Report is one of the most accurate, comprehensive, and timely sources of security information available for helping companies assess and mitigate risks of cyber attacks,” said Turner. “This Webcast provides participants with a opportunity to gain a deeper understanding of Internet security trend data required to strengthen their overall corporate security postures.”

Symantec Internet Security Threat Report: Key Highlights
Symantec’s Internet Security Threat Report identified more attacks now targeting e-commerce and Web applications. Additionally the report identified short vulnerability-to-exploit window, a rise in Bot networks, and an increase in severe/easy-to-exploit vulnerabilities.

• Increased Threats to e-Commerce: During this reporting period, e-Commerce was the single most targeted industry, with nearly 16 percent of attacks against it. This represents a 400-percentage increase from the four percent reported during the previous six months. This rise may indicate a shift from attacks motivated by notoriety to attacks motivated by economic gain. This possibility is further illustrated by an increase in phishing scams and spyware designed to steal confidential information and pass it along to attackers.
• Attacks Against Web Application Technologies Are Increasingly Popular: Web application technologies are appealing targets for attacks because of their widespread deployment within organizations and the relative ease with which they can be exploited. Web applications allow attackers to gain access to the target system simply by penetrating one end-user’s computer, bypassing traditional perimeter security measures. Nearly 82 percent of documented Web application vulnerabilities were classified as easy to exploit, thereby representing a significant threat to an organization’s infrastructure and critical information assets.
• Short Time Between Vulnerability and Exploit: According to the report, the time between the announcement of a vulnerability and the release of associated exploit code was extremely short. Symantec data indicates that over the past six months, the average vulnerability-to-exploit window was just 5.8 days. Once an exploit has been released, the vulnerability is often widely scanned for and quickly exploited. This short window leaves organizations with less than a week to patch vulnerable systems.
• Rise in Bot Networks: Adding to concern about the short vulnerability-to-exploit window is the growth in bots (short for “robot”). Attackers often coordinate large groups of bot-controlled systems, or bot networks, to scan for vulnerable systems and use them to increase the speed and breadth of their attacks. Over the past six months, Symantec has seen a large increase in the number of remotely controlled bots. During the first six months of 2004, the average number of monitored bots rose from under 2,000 to more than 30,000 per day – peaking at 75,000 in one day. Bot networks create unique problems for organizations because they can be remotely upgraded with new exploits very quickly, which could potentially allow attackers to outpace an organization’s security efforts to patch vulnerable systems.
• Increase in Severe, Easy-to-Exploit Vulnerabilities: Symantec documented more than 1,237 new vulnerabilities between January 1 and June 30, 2004, an average of 48 new vulnerabilities per week. Seventy percent of these vulnerabilities were considered easy to exploit, and 96 percent were considered moderately or highly severe. Consequently, organizations must contend with an average of more than seven new vulnerabilities per day, and a significant percentage of these vulnerabilities could result in a partial or complete compromise of the targeted system.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: : If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.