Internet Security Threat Report, Security research and analysis

Symantec Intelligence Quarterly

Symantec Intelligence Quarterly offers analysis and discussion of threat activity over a three-month period and is intended to be a complement to the annual Symantec Internet Security Threat Report (ISTR). It covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks.

Symantec Intelligence Quarterly, July – September 2010 Reports

There are two reports for the July – September 2010 quarter, as well as a summary of key findings, and a summary of best practices and methodologies from these latest reports.

Global Intelligence Quarterly Report

Europe, the Middle East, and Africa Intelligence Quarterly Report

Key Findings Summary

Best Practices and Methodologies Summary

Highlights & Trends

July – September 2010:

Previous Report, April – June 2010

The United States was the top country for malicious activity in this quarter, accounting for 23 percent of the total.

Last quarter, the U.S. accounted for 21 percent of the total.

Credit card information is the most commonly advertised item for sale on underground economy servers known to Symantec in this quarter, accounting for 23 percent of all goods and services.

Last quarter, credit card information accounted for 28 percent of the total.

The top Web-based attack for the quarter was related to the Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness, which accounted for 36 percent of the total.

Last quarter, the top Web-based attack was related to malicious PDF activity, which accounted for 36 percent of the total.

The most common malicious code sample by potential infections during this quarter was the Sality.AE virus.

The Sality.AE virus was also the most common last quarter.

Symantec observed 14.6 trillion spam messages during this quarter, accounting for 91 percent of all email messages observed.

Last quarter, Symantec observed 12.7 trillion spam messages during this quarter, accounting for approximately 89 percent of all email messages observed.

The majority of brands used in phishing attacks this quarter were in the financial sector, which accounted for 73 percent of the total.

During the last quarter, the financial sector also accounted for 73 percent of the total.

Previous Global Reports of the Symantec Intelligence Quarterly

Symantec Intelligence Quarterly: Global Report (April – June 2010)

Symantec Intelligence Quarterly: Global Report (January – March 2010)

Symantec Intelligence Quarterly: Global Report (October – December 2009)

Symantec Intelligence Quarterly: Global Report (July – September 2009)

Internet Security Threat Report: Mid-Term Report

Attack Toolkits and Malicious Websites

Launching widespread attacks on networked computers used to be a task reserved for a rare few hackers – those with an extensive knowledge of programming. This is no longer the case. The advent of attack toolkits has lowered the bar significantly, opening the doors for anyone with a basic understanding of networking and computers to produce threats that exploit vulnerabilities.

These toolkits are used to enable the theft of sensitive information or to convert compromised computers into a network of botnets in order to mount additional attacks. They are advertised and sold in the online underground economy. Symantec believes that attack kits play a significant role in the continuing evolution of cybercrime into a self-sustaining, profitable, and increasingly organized economic model worth millions of dollars.

This report provides an in-depth look at the evolution of attack kits, their features and how hackers use them to lure in victims, especially online. The report also provides mitigation techniques to help protect your organization from the sophisticated attacks created by these toolkits.