SINGAPORE -- 20 September, 2005 - Symantec Corp. (Nasdaq: SYMC) today released its eighth volume of the Internet Security Threat Report, one of the most comprehensive sources of Internet threat data in the world. The semiannual report, covering the six-month period from January 1 to June 30, 2005, identified new methods of using malicious code for financial gain with increasing frequency to target desktops rather than enterprise perimeters.
The report also found a rise in the exposure of confidential information. Such threats can result in significant financial loss, particularly if credit card information or banking details are exposed. Moreover, these concerns are more worrisome as online shopping and Internet banking continue to increase in popularity. During the first half of 2005, malicious code that exposed confidential information represented 74 percent of the top 50 malicious code samples reported to Symantec, up from 54 percent in the previous six months.
"Attackers are moving away from large, multipurpose attacks on network perimeters and toward smaller, more targeted attacks directed at Web and client-side applications," said C.M. Woon, country manager of Symantec Malaysia. "As the threat landscape continues to change, users need to be diligent in keeping systems up-to-date with security patches and security solutions."
Additionally, bot networks and custom bot code were available for purchase or rent; Symantec observed an average of 10,352 active bot network computers per day, an increase of more than 140 percent from the previous reporting period's 4,348 bot computers. As the financial rewards increase, attackers will likely develop more sophisticated and stealthier malicious code that will be implemented in bot features and bot networks, some of which could attempt to disable antivirus, firewalls, and other security measures.
Modular malicious code - malicious code that has limited functionality initially but then downloads additional functionality once a system has been infected - is also increasing. The shift toward modular malicious code is significant as it indicates that attackers may be attempting to avoid detection and attempting to compromise a system further by opening back doors on an infected system or visiting Web sites where further malicious code can be retrieved and placed on the target system.
The report also found that phishing attacks continue to proliferate. The volume of phishing messages grew from an average of 2.99 million messages a day to 5.70 million. One out of every 125 e-mail messages scanned by Symantec Brightmail AntiSpam was a phishing attempt, an increase of 100 percent from the last half of 2004. Symantec Brightmail AntiSpam antifraud filters were blocking more than 40 million phishing attempts per week on average, up from approximately 21 million per week at the beginning of January.
Additional key findings include the following:
About the Symantec Internet Security Threat Report
The Symantec Internet Security Threat Report provides analysis of network-based attacks, a review of known vulnerabilities and highlights of malicious code and additional security risk. The following resources give Symantec analysts an unparalleled pool of data with which to identify and analyze emerging trends in Internet security activity:
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/region/sg/PressCenter/my.html on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States. Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.