Security Research and Analysis

Symantec.com > Business > Security Research and Analysis

Symantec Response conducts ongoing, in-depth research and analysis of current threat trends impacting users of the Internet. To better enable you to implement effective security measures, Symantec provides detailed reports of trends, impact and preventive measures that you can deploy to protect and manage your information.

Internet Security Threat Report

The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a one-year period. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The fourteenth version of the report, released April 14, 2009, is now available.

Internet Security Threat Report Volume XIV: April, 2009

Executive Summary: April, 2009

Volume XIV Highlights

A significant spike in new malicious code threats occurred during 2008. Symantec created 1,656,227 new malicious code signatures during this time period. This is a 165 percent increase over 2007, when 624,267 new malicious code signatures were added. This means that of all the malicious code signatures created by Symantec, more than 60 percent of that total was created in 2008. The explosive growth can be attributed to the professionalism of malicious code development, supporting the demand for goods and services that facilitate online fraud.

Malicious code that exposes confidential information is a valued asset in the underground economy. Advertisements seeking malicious code authors are often looking for a one-time development of specific code to create new variants of existing threats, rather than developing entirely new threats.

Variants of existing malicious code can be developed more easily and can therefore be posted for sale on the underground market much more quickly. This is evidenced by the flourishing profitability of confidential information sales, as discussed in the Symantec Report on the Underground Economy, November 2008.

Table 1. New malicious code signatures

Source: Symantec Corporation

Featured Media

Flash Demo: Internet Security Threat Report Volume XIV
Webcast: Internet Security Threat Report Volume XIV, April 30 2009

Regional & Industry Reports

The following reports provide in-depth analysis on regional and government sector threat activity:

EMEA Internet Security Threat Report : April, 2009
APJ Internet Security Threat Report : April, 2009
LAM Internet Security Threat Report : April, 2009
Government Internet Security Threat Report : April, 2009

Podcasts

ISTR XIV – Web-Based Attacks
This podcast will cover the impact of web-based attacks, providing analysis and discussion of the data gathered by Symantec between January 1 and December 31, 2008. Listen now

ISTR XIV – Financially Motivated Malicious Code Development
This podcast will cover the financial motivation behind the malicious code development, providing analysis and discussion of the data gathered by Symantec between January 1 and December 31, 2008. Listen now

ISTR XIV – Phishing and Spam in the Economic Downturn
This podcast will cover the Phishing and Spam trends, providing analysis and discussion of the data gathered by Symantec between January 1 and December 31, 2008. Listen now

Internet Security Threat Report Blog

Read what Symantec’s Security Response experts are writing about the latest issue of the Internet Security Threat Report.

Symantec Report: Rogue Security Software

New ways to conduct Internet fraud continue to be unleashed on the unsuspecting public. One of the growing trends is the use of misleading software programs. The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs and how they affect users. The report includes an overview of these programs, how they work, their risk implications, various distribution methods and innovative attack vectors.

This report, released October, 2009 is now available.

Rogue Security Software: October, 2009

Executive Summary: October, 2009

Podcasts

Prevalence of Rogue Security Software

To date, Symantec has detected over 250 distinct rogue security software programs. The continued prevalence of these programs emphasizes the ongoing threat they pose to potential victims despite efforts to shut them down and raise public awareness. This podcast will cover the highlights of the top most reported rogue security software programs that have been analyzed for this report. Listen now

Server Operation

The servers used to host rogue security software attempt to operate as legitimately as possible. By uncovering the underlying characteristics of these servers, many similarities have been revealed which may assist in mitigating these types of scams. This podcast will cover the highlights of server operation and characteristics that have been analyzed for this report. Listen now

Report Highlights

A rogue security software program is a type of misleading application (also known as scareware) that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner. In reality, it provides the user with little or no protection, and, in some cases, can actually facilitate the installation of malicious code that it purports to protect against. Profit is a primary motivation for scam creators and distributors. Their goal is to trick users into believing that the rogue security application is valid and to convince them to pay for it.

Scam perpetrators use a variety of methods to lure users to fraudulent websites, many of which rely on fear tactics and other social engineering tricks. Once installed on a user’s computer, the rogue security software will usually deliberately misrepresent the security status or performance of the compromised computer, often displaying fake or exaggerated claims of security threats, even if the computer has not been compromised. Most rogue security programs have fully developed websites that include the ability to download and purchase the software, with some actually using legitimate online payment services to process credit card transactions from successful scams.