The rise in malicious code threats last year saw Symantec create over 1.6 million new malicious code signatures, equating to over 60% of the total malicious code signatures ever created by Symantec. On average, the signatures helped to block over 245 million attempted malicious code attacks each month worldwide during 2008.
The report cites that web surfing continues to be the primary course of new infections in 2008, and reported that attackers are relying more on customised malicious code toolkits to develop and distribute their threats. Symantec also revealed that 90% of all detected threats during the study period were intended to steal confidential information.
Symantec observed a surge in keystroke-logging capability, used to harvest information such as online bank account details, as it was seen to make up 76% of threats to confidential information in 2008 compared with 72% in 2007.
The report from Symantec also indicates a thriving underground economy, as well as an increased resilience from malware authors against attempts to halt their activities. This can be seen in the example of the shutdown of two US-based botnet hosting outfits, which contributed to a significant decrease in active botnet activity during September and November 2008. Botnet operators however found alternative sites for hosting, and botnet infections once again rose to previously attained levels.
Also highlighted by Symantec were vulnerabilities in web application platforms. Sixty-three percent of vulnerabilities in 2008 affected web applications, marking an increase from 59% in 2007. Additionally, of the approximately 13 000 site-specific cross-site scripting vulnerabilities reported in 2008, just 3% had been fixed at the time the report was written.
Regarding web-based attacks, the top three origins of the threats were found to be the United States (38%), China (13%) and the Ukraine (12%). Six of the top 10 countries were from the Europe and Middle East Africa regions and accounted for 45% of the global total of web based attacks.
The report from Symantec reported a growth in phishing in 2008, hitting approximately 55 000, up 66% over 2007, while an increase of 192% was observed in spam, with the number of cases touching 349.6 billion in 2008.
Guy Bunker, chief scientist at Symantec noted the rise of vulnerabilities associated with browser plug-ins. “Whilst individuals and businesses might have some sort of defence for browsers, they often don’t for browser plug-ins.”
He also observed that “Credit cards are still number one in terms of what [criminals] are after. Bank accounts are number two. Number three is passwords. This indicates that cybercriminals are after information as a general sphere.”
Speculating on threats likely to grow this year, Bunker cites mobile devices. “Because of connectivity – it’s always on - and the value of transactions in online banking, it’s worth a fiver for a criminal to attack it. A lot of people are not thinking about mobile phones as a source of data loss.” He adds that Symantec are “seeing an increase in key-loggers.”