Symantec Internet Security Threat Report – March 2007

Symantec released its XI edition of the Internet Security Threat Report, which covers global security activity in the 2nd half of 2006: malware, vulnerabilities, exploits, phishing, etc. Quoting the exec summary:

The Symantec Internet Security Threat Report provides a six-month update of Internet threat activity. It includes analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code. It also assesses numerous issues related to online fraud, including phishing, spam, and security risks such as adware, spyware, and misleading applications.

Attack Trends Highlights

  • The government sector accounted for 25 percent of all identity theft-related data breaches, more than any other sector.
  • The theft or loss of a computer or other data-storage medium made up 54 percent of all identity theft-related data breaches during this period.
  • The United States was the top country of attack origin, accounting for 33 percent of worldwide attack activity.
  • Symantec recorded an average of 5,213 denial of service (DoS) attacks per day, down from 6,110 in the first half of the year.
  • The United States was the target of most DoS attacks, accounting for 52 percent of the worldwide total.
  • The government sector was the sector most frequently targeted by DoS attacks, accounting for 30 percent of all detected attacks.
  • Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers.
  • Home users were the most highly targeted sector, accounting for 93 percent of all targeted attacks.
  • Symantec observed an average of 63,912 active bot-infected computers per day, an 11 percent increase from the previous period.
  • China had 26 percent of the world’s bot-infected computers, more than any other country.
  • The United States had the highest number of bot command-and-control computers, accounting for 40 percent of the worldwide total.
  • Beijing was the city with the most bot-infected computers in the world, accounting for just over five percent of the worldwide total.
  • The United States accounted for 31 percent of all malicious activity during this period, more than any other country.
  • Israel was the highest ranked country for malicious activity per Internet user, followed by Taiwan and Poland.
  • Fifty-one percent of all underground economy servers known to Symantec were located in the United States, the highest total of any country.
  • Eighty-six percent of the credit and debit cards advertised for sale on underground economy servers known to Symantec were issued by banks in the United States.

Vulnerability Trends Highlights

  • Symantec documented 2,526 vulnerabilities in the second half of 2006, 12 percent higher than the first half of 2006, and a higher volume than in any other previous six-month period.
  • Symantec classified four percent of all vulnerabilities disclosed during this period as high severity, 69 percent were medium severity, and 27 percent were low severity.
  • Sixty-six percent of vulnerabilities disclosed during this period affected Web applications.
  • Seventy-nine percent of all vulnerabilities documented in this reporting period were considered to be easily exploitable.
  • Seventy-seven percent of all easily exploitable vulnerabilities affected Web applications, and seven percent affected servers.
  • Ninety-four percent of all easily exploitable vulnerabilities disclosed in the second half of 2006 were remotely exploitable.
  • In the second half of 2006, all the operating system vendors that were studied had longer average patch development times than in the first half of the year.
  • Sun Solaris had an average patch development time of 122 days in the second half of 2006, the highest of any operating system.
  • Sixty-eight percent of the vulnerabilities documented during this period were not confirmed by the affected vendor.
  • The window of exposure for vulnerabilities affecting enterprise vendors was 47 days.
  • Symantec documented 54 vulnerabilities in Microsoft Internet Explorer, 40 in the Mozilla browsers, and four each in Apple Safari and Opera.
  • Mozilla had a window of exposure of two days, the shortest of any Web browser during this period.
  • Twenty-five percent of exploit code was released less than one day after vulnerability publication.
  • Thirty-one percent was released in one to six days after vulnerability publication.
  • Symantec documented 12 zero-day vulnerabilities during this period, a significant increase from the one documented in the first half of 2006.
  • Symantec documented 168 vulnerabilities in Oracle database implementations, more than any other database.

Malicious Code Trends Highlights

  • Of the top ten new malicious code families detected in the last six months of 2006, five were Trojans, four were worms, and one was a virus.
  • The most widely reported new malicious code family this period was that of the Stration worm.
  • Symantec honeypot computers captured a total of 136 previously unseen malicious code threats between July 1 and December 31, 2006.
  • During this period, 8,258 new Win32 variants were reported to Symantec, an increase of 22 percent over the first half of 2006.
  • Worms made up 52 percent of the volume of malicious code threats, down from 75 percent in the previous period.
  • The volume of Trojans in the top 50 malicious code samples reported to Symantec increased from 23 percent to 45 percent.
  • Trojans accounted for 60 percent of the top 50 malicious code samples when measured by potential infections.
  • Polymorphic threats accounted for three percent of the volume of top 50 malicious code reports this period, up from one percent in the two previous periods.
  • Bots made up only 14 percent of the volume of the top 50 malicious code reports.
  • Threats to confidential information made up 66 percent of the top 50 malicious code reported to Symantec.
  • Keystroke logging threats made up 79 percent of confidential information threats by volume of reports, up from 57 percent in the first half of the year and 66 percent in the second half of 2005.
  • Seventy-eight percent of malicious code that propagated did so over SMTP, making it the most commonly used propagation mechanism.
  • Malicious code using peer-to-peer to propagate rose from 23 percent of all propagating malicious code in the first six months of 2006 to 29 percent in the last half of the year.
  • The majority of malicious code reports during this period originated in the United States.
  • During the second half of 2006, 23 percent of the 1,318 documented malicious code instances exploited vulnerabilities.
  • MSN Messenger was affected by 35 percent of new instant messaging threats in the second half of the year.

Phishing, Spam, and Security Risks Highlights

  • The Symantec Probe Network detected a total of 166,248 unique phishing messages, a six percent increase over the first six months of 2006. This equates to an average of 904 unique phishing messages per day for the second half of 2006.
  • Symantec blocked over 1.5 billion phishing messages, an increase of 19 percent over the first half of 2006.
  • Throughout 2006, Symantec detected an average of 27 percent fewer unique phishing messages on weekends than the weekday average of 961.
  • On weekends, the number of blocked phishing attempts was seven percent lower than the weekday average of 7,958,323 attempts per day.
  • Organizations in the financial services sector accounted for 84 percent of the unique brands that were phished during this period.
  • Forty-six percent of all known phishing Web sites were located in the United States, a much higher proportion than in any other country.
  • Between July 1 and December 31, 2006, spam made up 59 percent of all monitored email traffic. This is an increase over the first six months of 2006 when 54 percent of email was classified as spam.
  • Sixty-five percent of all spam detected during this period was written in English.
  • In the last six months of 2006, 0.68 percent of all spam email contained malicious code. This means that one out of every 147 spam messages blocked by Symantec Brightmail AntiSpam contained malicious code.
  • Spam related to financial services made up 30 percent of all spam during this period, the most of any category.
  • During the last six months of 2006, 44 percent of all spam detected worldwide originated in the United States.
  • The United States hosted the largest proportion of spam zombies, with 10 percent of the worldwide total.
  • The most commonly reported security risk was an adware program named ZangoSearch.
  • All of the top ten security risks reported in the last six months of 2006 employ at least one anti-removal technique compared to only five of the top ten security risks in the last reporting period.
  • All of the top ten security risks reported during this period employ self-updating.
  • Potentially unwanted applications accounted for 41 percent of reports in the top ten new security risks in the second half of 2006.
  • Misleading application detections increased by 40 percent in the second half of 2006.

Full report (PDF)


