Hackers target home users for cash

'It's war out there' says Symantec report

Consumers are now the main target of malicious hackers intent on enriching themselves through the misery of others. Vulnerabilities in desktop applications and the increased use of stealth techniques are on the rise among members of the digital underground, according to the latest edition of Symantec's Internet Security Threat Report.

The report, which covers the first half of 2006, suggests that consumer security protection is weak, leaving Joe Public easy prey to identity thieves, botnet herders and other financially motivated criminals. Crackers are using a variety of techniques to escape detection and remain on infected systems for longer. Symantec reckons assaults against consumers account for 86 per cent of all targeted attacks. Banks and other financial sector organisations are the second most prevalent target for internet attacks. Phishing attacks almost doubled during the reporting period.

The first six months of 2006 saw a continuation of the trend of large, widespread internet worms giving way to smaller, more targeted attacks focusing on fraud, data theft, and criminal activity. Client-side applications such as web browsers and email clients are popular attack targets.

Vulnerabilities affecting Web applications accounted for 69 per cent of all vulnerabilities documented by Symantec in the first half of 2006. Flaws in web browsers were particularly prominent in this mix with 47 vulnerabilities documented in Mozilla browsers (compared to 17 in the last reporting period), 38 in Microsoft Internet Explorer (compared to 25 in 2H05), and 12 in Apple Safari (compared to six in 2H05). Symantec fails to say how many of these vulnerabilities are serious, so direct comparisons may be misleading.

Ollie Whitehouse, Symantec research scientist and one of the authors of the report, told El Reg that the company didn't classify in the report how many of these vulnerabilities might be used to inject hostile code, as opposed to simply crashing browsers.

Hide and seek

In the first half of 2006, 18 per cent of all malicious code samples detected by Symantec had not been seen before, indicating that hackers are trying harder to evade detection by signature-based anti-virus and intrusion prevention systems.

Phishers are also attempting to bypass filtering technologies by creating multiple randomised messages. In H1 2006, 157,477 unique phishing messages were detected, 81 per cent more than the previous six months. The financial services sector was the most heavily phished, accounting for 84 per cent of phishing sites tracked by Symantec.

Spam accounted for just over half (54 per cent) of monitored email traffic, slightly up from 50 per cent in 2H05. Malware authors are increasingly trying to tempt users into web sites hosting malicious code as opposed to burying viruses within infectious attachments, where hostile code is more likely to be blocked.

Networks of compromised PCs remain a lucrative resource for hackers. These bot networks can be used not only to spread malicious code, but to send spam or phishing messages, download adware and spyware, launch denial of service attacks, or harvest confidential user information.

Symantec identified more than 4.6m active bot network computers and observed an average of 57,717 active bot network computers per day during the first half of 2006. During the reporting period, the IT security firm observed an average of 6,110 denial of service attacks per day, a big increase from the 1,402 DoS attacks per day it recorded in the last six months of 2005. Just over half (54 per cent) of these attacks were thrown at US-based systems. ISPs bore the brunt of the onslaught.

Future imperfect

Other financially motivated attacks use modular malicious code, malware that updates itself or downloads more aggressive threat components onto compromised PCs once it gains a foothold. During the first half of 2006, modular malicious code accounted for 79 per cent of the top 50 malicious code samples reported to Symantec. Malicious code samples capable of exposing confidential data represented 30 of the top 50 samples seen by the security firm.

Symantec predicts that virus writers will resurrect polymorphic virus techniques in a bid to escape detection by anti-virus filters. It also reckons hackers will apply "Web 2.0" concepts such as user-based publishing and technologies like AJAX in internet attacks.

Symantec documented 2,249 new vulnerabilities in the first half of 2006, an increase of 18 per cent over 2H05 and the highest volume of vulnerabilities recorded for any reporting period so far. Fuzzers, programs or scripts designed to find vulnerabilities in software code, will raise the vulnerability count even further.

On a more positive note, vendors are releasing software patches more quickly. The window of exposure for enterprise vendors and web browsers was 28 days, down from 50 days in the previous period. Microsoft Internet Explorer had an average window of exposure of nine days (down from 25), Apple Safari at five days (up from zero), Opera at two days (down from 18), and Mozilla at one day. These figures don't take into account the effect the latest, unpatched IE exploits might have on statistics.

For the first time, Symantec also looked at how long operating system vendors take to patch security bugs. Sun had the longest patch release time with 89 days followed by HP with 53 days. Apple took an average of 37 days while Microsoft and Red Hat had the lowest average patch release times of 13 days apiece. ®
