Feeds

Hackers target home users for cash

'It's war out there' says Symantec report

SANS - Survey on application security programs

Consumers are now on the main target of malicious hackers intent on enriching themselves through the misery of others. Vulnerabilities in desktop applications and the increased use of stealth techniques are on the rise among members of the digital underground, according to the latest edition of Symantec's Internet Security Threat Report.

The report, which covers the first half of 2006, suggests that consumer security protection is weak, leaving Joe Public easy prey to identity thieves, botnet herders and other financially motivated criminals. Crackers are using a variety of techniques to escape detection and remain on infected systems for longer. Symantec reckons assaults against consumers account for 86 per cent of all targeted attacks. Banks and other financial sector organisations are the second most prevalent target for internet attacks. Phishing attacks almost doubled during the reporting period.

The first six months of 2006 saw a continuation of the trend of large, widespread internet worms giving way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity. Client-side applications such as web browsers and email clients are popular attack targets.

Vulnerabilities affecting Web applications accounted for 69 per cent of all vulnerabilities documented by Symantec in the first half of 2006. Flaws in web browsers were particularly prominent in this mix with 47 vulnerabilities documented in Mozilla browsers (compared to 17 in the last reporting period), 38 in Microsoft Internet Explorer (compared to 25 in 2H05), and 12 in Apple Safari (compared to six in 2H05). Symantec fails to say how many of these vulnerabilities are serious, so direct comparisons may be misleading.

Ollie Whitehouse, Symantec research scientist and one of the authors of the report, told El Reg that the company didn't classify in the report how many of these vulnerabilities might be used to inject hostile code, as opposed to simply crashing browsers.

Hide and seek

In the first half of 2006, 18 per cent of all malicious code samples detected by Symantec had not been seen before, indicating that hackers are trying harder to evade detection by signature-based anti virus and intrusion prevention systems.

Phishers are also attempting to bypass filtering technologies by creating multiple randomised messages. In H1 2006, 157,477 unique phishing messages were detected, 81 per cent more than the previous six months. The financial services sector was the most heavily phished, accounting for 84 per cent of phishing sites tracked by the Symantec.

Spam accounted for just over half (54 per cent) of monitored email traffic, slightly up from 50 per cent in 2H05. Malware authors are increasingly trying to tempt users into web sites hosting malicious code as opposed to burying viruses within infectious attachments, where hostile code is more likely to be blocked.

Networks of compromised PCs remain a lucrative resource for hackers. These bot networks can be used not only to spread malicious code, but to send spam or phishing messages, download adware and spyware, launch denial of service attacks, or harvest confidential user information.

Symantec identified more than 4.6m active bot network computers and observed an average of 57,717 active bot network computers per day during the first half of 2006. During the reporting period, the IT security firm observed an average of 6,110 denial of service attacks per day, a big increase from the 1,402 DoS attacks per day it recorded in the last six months of 2005. Just over half (54 per cent) of these attacks were thrown at US-based systems. ISPs bore the brunt of the onslaught.

Future imperfect

Other financially motivated attacks use modular malicious code, malware that updates itself or downloads more aggressive threat components onto compromised PCs once it gains a foothold. During the first half of 2006, modular malicious code accounted for 79 percent of the top 50 malicious code samples reported to Symantec. Malicious code samples capable of exposing confidential data represented 30 of the top 50 samples seen be the security firm.

Symantec predicts that virus writers will resurrect polymorphic virus techniques in a bid to escape detection by anti-virus filters. It also reckons hackers will apply "Web 2.0" concepts such as user-based publishing and technologies like AJAX in internet attacks.

Symantec documented 2,249 new vulnerabilities in the first half of 2006, an increase of 18 per cent over 2H05 and the highest volume of vulnerabilities recorded for any reporting period so far. Fuzzers, programs or scripts designed to find vulnerabilities in software code, will raise the vulnerability count even further.

On a more positive note, vendors are releasing software patches more quickly. The window of exposure for enterprise vendors and web browsers was 28 days, down from 50 days in the previous period. Microsoft Internet Explorer had an average window of exposure of nine days (down from 25), Apple Safari at five days (up from zero), Opera at two days (down from 18), and Mozilla at one day. These figures down take into account the effect of the latest, unpatched IE exploits might have on statistics.

For the first time, Symantec also looked at how long operating system vendors take to patch security bugs. Sun had the longest patch release time with 89 days followed by HP with 53 days. Apple took an average of 37 days while Microsoft and Red Hat had the lowest average patch release times of 13 days apiece. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.