Browser hijacks and holey software skyrocket

Beware the underground economy

By Elinor Mills, 14 April 2009 13:22

A report released today finds huge increases in the number of security holes in software and the number of internet threats, particularly attacks in which browsers are hijacked and forced to download malicious programs as people surf the web.

Most web-based attacks target visitors to legitimate websites that have been compromised and that either serve up malicious content to the visitor or embed a malicious and invisible iframe on the page that surreptitiously redirects the user's browser to another web server under an attacker's control, according to the Symantec Internet Security Threat Report.

Attacks are traded in underground channels, with people buying and selling software that automates attacks or even entire botnets of infected computers that serve as spam armies, the report says. Stolen data is then marketed and offered up with price lists and guarantees. Oddly, the price of stolen data remained the same in 2008 despite the fact the economy took a nose dive, said Zulfikar Ramzan, a technical director at Symantec Security Response.

The top web-based attack in 2008 exploited the Microsoft IE ADODB.Stream Object File Installation Weakness vulnerability, while the top-attacked vulnerability was the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability, according to the report.

Other dangers from 2008 highlighted in Symantec's report:

Conficker
Infections of Conficker, also known as 'Downadup', have been particularly strong in Asia Pacific and Latin America, areas with some of the highest rates of software piracy. Pirated versions of software cannot be automatically updated to receive security patches. The worm, which has infected millions of Windows-based PCs that are not patched, is now communicating with other infected machines via peer-to-peer, dropping a mystery payload and installing malware that masquerades as antivirus software.

Identity fraud
Nearly 80 per cent of confidential information threats exposed user data and 76 per cent used keystroke-logging to steal data like banking account credentials. Of the phishing attacks, 76 per cent attempted to lure victims to specific financial sector brands and one group - the Russian Business Network - is believed to be responsible for about half of the phishing incidents that occurred worldwide last year.

Twelve per cent of all data breaches exposed credit card information, which is the most popular item for sale in the underground economy.

Most data breaches that could lead to identity fraud were in the education sector, while the financial sector was the top industry for identities exposed. Theft or loss of equipment accounted for nearly half of data breaches that could lead to identity fraud and for 66 per cent of identities exposed.

Spam
The most common type of spam detected was related to internet- or computer-related goods and services. Spam volumes rose nearly 200 per cent in 2008 to nearly 350 billion messages. Botnets were responsible for distributing about 90 per cent of all spam email.

Malware spikes
Symantec detected nearly 1.66 million malicious code threats, which represent 60 per cent of the 2.6 million total malware threats Symantec has detected since it began tracking them. The number of new malicious code signatures grew by 265 per cent from 2007. Trojans make up nearly 70 per cent of the volume of the top 50 malicious code samples.

Vulnerabilities up
Symantec documented nearly 5,500 vulnerabilities in 2008, up nearly 20 per cent over 2007, and 80 per cent of documented vulnerabilities were classified as easily exploitable.

Safari had the longest window of exposure between the release of exploit code for a vulnerability and the vendor's release of a patch, with a nine-day average, while Mozilla had the shortest, with an average of less than one day. Mozilla browsers were affected by 99 new vulnerabilities in 2008, followed by 47 in IE, 40 in Safari, 35 in Opera and 11 in Google Chrome. There were 424 browser plug-in vulnerabilities, and ActiveX accounted for most of those.

Geographies
Most attacks originated in the US and the US was the country most frequently targeted by denial-of-service attacks.

Critical infrastructure
Telecommunications was the top critical infrastructure sector for malicious activity, accounting for 97 per cent of the total, and the most common type of attack was denial-of-service.

Comments

1. Colin

    If someone throws a banana skin on the floor in Tesco and I trip on it and hurt myself, I sue Tesco. What about a law that allows me to do the same to so-called legitimate websites that host, albeit unknowingly, these nasties. That would make them take rather more care and get a whole lot of additional effort behind routing the perpetrators.
