Symantec Research Labs

Browser Defender to the Rescue!
Web sites may unwittingly harbor malicious code

No doubt the Internet is a fantastic place to visit for both work and fun-- as long as you're careful to avoid malicious web sites. In the past, one had to visit fundamentally dangerous sites to get infected, sites whose sole purpose was to host malicious threats. Today, however, completely legitimate sites may unwittingly harbor malicious code. The typical scenario is for a hacker to compromise such a site and post malicious spyware. When users surf the infected site, the spyware automatically downloads itself to their computer, stealing keystrokes, passwords, and other confidential information.

"There are no safe areas on the Internet any more," says Stephen Trilling, vice president, Symantec Research Labs (SRL). "Sites you may have visited safely many times in the past can be compromised at any time, without the knowledge of the site operators."

One such incident occurred just before Super Bowl XLI in 2007. Hackers broke into the web site for Dolphin Stadium, where the game was played, and planted a malicious threat that could infect vulnerable computers visiting the site. Susceptible users had a keylogger installed on their computer, which could record the user's keystrokes to steal private information.

Now, researchers at Symantec Research Labs have developed a new technology, called Browser Defender, which provides the strongest level of protection yet for surfing the Web.

"Browser Defender automatically blocks threats that attempt to attack your computer while you browse the Internet, even completely new attacks that we've never seen before," says Trilling. "In fact, internal testing at Symantec has revealed that Browser Defender protects against an order of magnitude more threats than our competitors."

Browser Defender is currently available in Norton AntiVirus 2008 and Norton Internet Security 2008, and will be included in the upcoming Norton 360 2.0. This breakthrough technology will ship in Symantec's corporate client security products in a future release.

Criminal Intent

The shadowy legions of hackers, thieves, con artists, and spammers who generate Internet attacks are becoming organized and businesslike

Symantec's Internet Security Threat Report, Volume XII, provides a six-month update of Internet threat activity for the first half of 2007. The main findings are part of a fundamental change Symantec has observed over the past few years. Attacks are less likely to be pranks or pure destructiveness. Rather, they are for financial gain.

Stolen credit card numbers and innocent users' identities are already hot items on black-market Web sites. Now, malicious code is being "productized" and sold through the same channels, at a rate exceeding even Symantec's own predictions from 2006.

One example of this trend is MPack, discovered in May 2007. It's a professionally written collection of PHP software components sold ready to install on a server--complete with a series of exploit modules. Ready-made phishing kits help criminals build convincing imitations of legitimate e-commerce sites.

And hackers are increasingly deploying multi-stage attacks, using an initial data breach as a "beachhead." For example, upon finding a list of customer contacts, they initially launch spam messages. Next, they use the identifying information to create convincingly personalized phishing attacks. Victims who visit the proffered site or download the application might end up with "ransomware" that takes their personal files hostage, or a keystroke-logging tool that steals online banking passwords and credit card numbers.

The report provides more details on these and other aspects of Internet threats, including numbers and types of attacks, malicious activity by country, and the impact of Web 2.0 technologies on security. To download the report visit www.symantec.com/threatreport.

Source: Symantec Internet Security Threat Report, Volume XII, which gathers data from a global network monitoring data threats in over 180 countries. The ISTR also collects intelligence from over 120 million customer systems, the BugTraq mailing list, and the Symantec Probe Network, which operates over two million decoy accounts.

Realizing their Vision

Eight Visionaries Named at 2007 Symantec Vision Event

For the past three years, industry leaders from around the world have been recognized at Symantec's annual Vision event for their innovative use of technology in running their businesses. Nominations for the 2007 Symantec Visionary Awards were accepted from the Symantec sales and services organizations around the world, with more than 60 customers submitted. The nominations were evaluated based on technology innovation, business value impact, and involvement of Symantec partners and services.

The eight Visionaries selected were acknowledged by Symantec Chairman and CEO John W. Thompson and Mike Vizard, Editorial Director at Ziff Davis Enterprise, a co-sponsor of the awards.

Representing a wide range of industries and global markets, the eight Visionaries for 2007 are Allen Montgomery, corporate director of systems and development at Baptist Health South Florida; Rich Jackson, general manager of Global Information Risk Management at Chevron Information Technology Company; Gary Scott, senior architect and team leader for GE Global Infrastructure Services; Theo Gibson, director of infrastructure at Honeywell Aerospace; Mark Kolodzej, vice president of IT and head of the infrastructure services department at ING Investment Management Group, LLC; Albert-Jan Boer, senior manager of communication services for the Defence Telematics Organisation, the IT supplier for the Dutch Ministry of Defence; Gilmar Ribeiro, information security manager at Sistema Usiminas; and Laxman Badiga, corporate vice president and global CIO for Wipro Limited.