Internet Security Threat Report

Symantec.com > Business > Internet Security Threat Report

Symantec Response conducts ongoing, in-depth research and analysis of current threat trends impacting users of the Internet. To better enable you to implement effective security measures, Symantec provides detailed reports of trends, impact and preventive measures that you can deploy to protect and manage your information.

Symantec Report: Web-based Attacks

Technology growth on the web has changed the way businesses and consumers communicate and interact with each other. The Symantec Web Based Attacks report describes the anatomy of web based attacks and examines some of the factors that have influenced a shift toward this type of attack over the last year.

This report, released February, 2009 is now available.

Web Based Attacks: February, 2009

Report Highlights

Throughout 2008, Symantec observed a high number of legitimate web sites being compromised and inconspicuously repurposed to serve web attacks, unknown to the visitors of those sites. Today, malware authors are looking for wider targets and mainstream web sites provide a large base of users for malware authors to target. More significantly, they provide a set of users who are less likely to be concerned about being the victim of a malware attack because they hold the belief that if they only surf to mainstream Web Sites, they will be safe.

Few web sites are immune from being compromised and are used as a host to deliver malware to their unsuspecting visitors. During 2008, Symantec observed more than 18 million drive-by download attacks and more than 23 million misleading application attacks. These two attack types represented web attacks from 808,000 unique domains, many of which are mainstream web sites, including: news, travel, online retail, games, real estate, government and many others. This paper examines how these legitimate sites have become targets for malware authors, with reviews of some of the more popular techniques, such as malvertisements, used to compromise these sites.

Top Web Threat Trends for 2008

1.	Drive-by downloads from mainstream web site are increasing
2.	Attacks are heavily obfuscated and dynamically changing making traditional antivirus solutions ineffective
3.	Attacks are targeting browser plug-ins instead of only the browser itself
4.	Misleading applications infecting users are increasing
5.	SQL injection attacks are being used to infect mainstream web sites
6.	Malvertisements are redirecting users to malicious web sites
7.	Explosive growth in unique and targeted malware samples

Table 1. Top Web Threat Trends for 2008
Source: Symantec Corporation

Internet Security Threat Report

The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a one-year period. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The fourteenth version of the report, released April 14, 2009, is now available.

Internet Security Threat Report Volume XIV: April, 2009

Executive Summary: April, 2009

Volume XIV Highlights

A significant spike in new malicious code threats occurred during 2008. Symantec created 1,656,227 new malicious code signatures during this time period. This is a 165 percent increase over 2007, when 624,267 new malicious code signatures were added. This means that of all the malicious code signatures created by Symantec, more than 60 percent of that total was created in 2008. The explosive growth can be attributed to the professionalism of malicious code development, supporting the demand for goods and services that facilitate online fraud.

Malicious code that exposes confidential information is a valued asset in the underground economy. Advertisements seeking malicious code authors are often looking for a one-time development of specific code to create new variants of existing threats, rather than developing entirely new threats.

Variants of existing malicious code can be developed more easily and can therefore be posted for sale on the underground market much more quickly. This is evidenced by the flourishing profitability of confidential information sales, as discussed in the Symantec Report on the Underground Economy, November 2008.

Table 1. New malicious code signatures

Source: Symantec Corporation

Featured Media

Flash Demo: Internet Security Threat Report Volume XIV
Webcast: Internet Security Threat Report Volume XIV, April 30 2009

Regional & Industry Reports

The following reports provide in-depth analysis on regional and government sector threat activity:

EMEA Internet Security Threat Report : April, 2009
APJ Internet Security Threat Report : April, 2009
LAM Internet Security Threat Report : April, 2009
Government Internet Security Threat Report : April, 2009

Podcasts

ISTR XIV – Web-Based Attacks
This podcast will cover the impact of web-based attacks, providing analysis and discussion of the data gathered by Symantec between January 1 and December 31, 2008. Listen now

ISTR XIV – Financially Motivated Malicious Code Development
This podcast will cover the financial motivation behind the malicious code development, providing analysis and discussion of the data gathered by Symantec between January 1 and December 31, 2008. Listen now

ISTR XIV – Phishing and Spam in the Economic Downturn
This podcast will cover the Phishing and Spam trends, providing analysis and discussion of the data gathered by Symantec between January 1 and December 31, 2008. Listen now

Internet Security Threat Report Blog

Read what Symantec’s Security Response experts are writing about the latest issue of the Internet Security Threat Report.

Resources

Symantec RSA 2008 Keynote

Security Leadership (ESG Analyst Report)

Symantec Report: Web-based Attacks

Report Highlights

Internet Security Threat Report

Volume XIV Highlights

Table 1. New malicious code signatures

Featured Media

Regional & Industry Reports

Podcasts

Internet Security Threat Report Blog

Archive