Computer viruses dropping in favor of information theft
September 19, 2007
Late yesterday, Symantec released its bi-annual Internet Security Threat Report (ISTR), which investigates Internet criminal activity over the first six months of 2007. The report confirms important trends that have been emerging and also notes some new ones that are developing.
Symantec's survey analyzes data gathered by the company's Global Intelligence Network. This consists of more than 40,000 sensors monitoring Internet activity in over 180 countries, and sample code gathered by more than 120 million client, server and gateway systems that have deployed Symantec’s antivirus products.
Zulfikar Ramzan, senior principal researcher in Advanced Threat Research at Symantec, said that "on average, Internet viruses are dropping rapidly in favor of information theft. Of the top twenty samples we received, about 65 percent could threaten confidential information and approximately eighty-eight percent of those were keystroke loggers."
Ramzan added, "it now proves to us that Internet criminals are much more interested in the financial benefits of their activities, as opposed to the notoriety of it as it was the case in the past."
Making matters a lot worse is the availability of commercial software and malware that allow anyone to easily make a Trojan or Internet worm. By far the most notorious is M-PACK, written by a Russian crimeware group, which Ramzan said sells for around $1,000.
M-PACK comes with sample code, making it easy for beginners to jumpstart the work. Ramzan added, "by far, malware is getting a lot worse simply because developers aren't starting from scratch. They're taking existing development code and making it a lot more lethal."
"In addition, Symantec found that about 42 percent of phishing attacks were from just three specific malware kits, none of which have any name," said Ramzan.
Additionally, Symantec runs what it calls the Probe Network, a system of over two million decoy accounts and "virus traps" to attract email messages from twenty different countries around the world, which allows the company to better measure global spam and phishing activity.
On any given day, malicious Internet activity is less computer vandalism and much more in the realm of criminality. Gone are the days when some kid's virus stomped on your hard disk's file allocation table (FAT) and destroyed your hard drive.
Symantec, along with many other antivirus companies, thinks Internet viruses as we know them are in decline, replaced by crimeware and serious attempts at stealing private and sensitive corporate data.
Those attacks are not aimed at vulnerabilities, either. Even though Symantec found that all of the operating system vendors, with the exception of Hewlett-Packard, have improved their response times when a vulnerability is discovered, that's not where the criminals are going...
Symantec has discovered that exploits of vulnerabilities only made up about eighteen percent of attacks. The balance were simply looking for a potential victim to click on a link or run a file they shouldn't.
One of the new areas of repeated exploitation is browser plug-ins. Symantec saw a huge increase from 74 to 237 percent over the course of one period between reports. Ramzan said the browser plug-ins are becoming serious targets simply because they are being hardened.
On average, the only browser under attack is Apple's Safari, which went from four in the last report period to 25 in this most recent one, a sure telltale sign that Apple is growing in popularity.
A lot of the Internet criminals involved in these activities actually treat it like a real job...
Ramzan says, "we are noticing a lot more activity on weekdays than on weekends. There's a supply chain from the underground, commoditization of the tools, support contracts for the toolkits, etc. There's an incredible amount of professionalization that's gone into this world."
Overall, the targets of the majority of these attacks are largely home users, since their general knowledge of technology is a lot lower than that of some Internet professionals. Symantec estimates 95 percent of all Internet attacks in the last six months of 2007 have been aimed at the home user, an increase from the 87 percent in 2006.
Rootkits, those nasty programs that seem to scare everyone, appear to have fallen in their overall utilization by cyber criminals. The single exception was the Storm Trojan, because it used a rootkit to hide itself.
By far, Trojans remain the most common form of all attacks, which require a gullible end user, not an exploit.
In general, Ramzan said phishing operations can be completely outsourced and require no technical skills. All a person needs to do is get a development kit to build a phishing attack that will work easily, rent time on spam and phishing servers, buy a list of email addresses from the underground economy, and go trolling...
Once you have many credit cards, bank accounts or identities, you can then turn around and sell them on underground servers.
Ramzan found credit cards selling for 50 cents to $5, depending on the limit, bank accounts selling for $30 to $400 and personal identities selling for $6 to $100.
Source: Internet News