Number of Internet threats increased by 64 per cent in 2006 
19 March, 2007 By Vanessa Ho

2006 was the year of zero-day attacks, according to volume XI of Symantec Corp's Internet Security Threat Report, which took a look at the worldwide Internet threat landscape for the second half of 2006.
In the report, Symantec documented 12 zero-day vulnerabilities. This is a significant increase over the first half of 2006 and the second half of 2005 when only one zero-day vulnerability was documented for each reporting period.
Overall the number of threats increased by 300 per cent since 2005, 64 per cent alone in 2006.
"The situation is not getting better," said Dean Turner, executive editor of the Symantec Internet Security Threat Report. "It is all being driven by cash [this increase in threats]," he added.
For the first time, the report took a look at overall levels of malicious activity across the Internet and ranked it by country.
The United States was number one in terms of the source of worldwide malicious activity at 33 per cent. Canada ranked fifth at five per cent.
"The United States ranked number one in every category worldwide. The reason is the US has 19 per cent of the worldwide Internet population," Turner said.
In terms of bot net threats, the report identified six million in the latter half of 2006, a 29 per cent increase over the last report. China had 26 per cent of the world's bot-infected computers, more than any other country.
The US had the highest number of bot command-and-control computers, accounting for 40 per cent of the worldwide total.
In Canada, the Symantec report listed the top bot-infected cities, with Toronto number one at 21 per cent of infected machines, followed by Montreal, Vancouver, Calgary and Ottawa.
"These attackers are going to where there is the highest number of broadband connections," Turner said.
Other malicious attack activity findings include an average of 5213 denial of service (DoS) attacks per day, down from 6110 in the first half of the year. The US was the target of the most DoS attacks, accounting for 52 per cent of the worldwide total.
78 per cent of malicious code that propagated did so over SMTP (email), making it the most commonly used propagation mechanism, but down from the 98 per cent noted in the previous report.
Malicious code that used peer-to-peer to propagate accounted for 29 per cent, an increase from 23 per cent in the last report.
Also for the first time, the Symantec report tracked the trade of stolen confidential information.
"What we really noticed in the last six months of 2006 is this increase of data theft and data leakage," said Turner.
Threats to confidential information increased from 48 per cent of the Top 50 malicious codes reported to 66 per cent. The report also noted the increased use of underground economy servers by criminals and criminal organizations to sell stolen information.
The number one target for data breaches was the government sector at 25 per cent followed by education at 20 per cent and health care at 14 per cent.
Turner said these sectors were targeted because their information was deemed valuable by cyber criminals. As well, 54 per cent of data breaches were due to theft and loss of such things as laptops and USB drives.
He added that 28 per cent of data breaches were due to insecure security policy, such as allowing people to save onto a USB drive. Additionally, Turner said another reason why these public sectors were overrepresented in the report was that they are required by law to disclose any data breaches.
In terms of vulnerabilities, Symantec documented 2526 vulnerabilities in the second half of 2006, 12 per cent higher than the first half and a higher volume than in any other previous six-month period.
An Oracle database had the highest number of documented vulnerabilities of the major database vendors with 168 noted in the last six months of 2006, said Turner. Meanwhile, Microsoft SQL servers have not had any documented vulnerabilities in the past three reporting periods.
When it comes to vendor responsiveness to vulnerabilities, 68 per cent were not confirmed by the affected vendor (i.e. no patches were developed). This is up 61 per cent from the last report.
Turner said that all operating system vendors observed had longer than average patch development time during the last six months of 2006. Sun Solaris had the longest at 122 days.
Also in the latter half of 2006, volume XI of Symantec's Internet Security Report noted 1.5 billion phishing messages or 904 phishing attacks a day, which is an increase of 19 per cent over the first six months. 84 per cent of those were targeted at financial institutions.
Throughout 2006, Symantec detected an average of 27 per cent fewer unique phishing messages on weekends than the weekday average of 961.
"Phishing activities tend to mirror the average business week by mimicking legitimate company email practices," said Turner.
The report also noted that phishing attacks increased during holiday periods such as Christmas, New Year's, the FIFA World Cup and tax time, as attackers know they will get a bigger audience during those times.
46 per cent of all known phishing sites were located in the US, a much higher proportion than in any other country. 44 per cent of all spam detected worldwide also originated in the US.
As for the future, Symantec expects to see more threats beginning to appear on Windows Vista with a focus on third party applications that run on the new Microsoft operating system.
"Vista should be commended for hardening its OS but it is not a security solution," said Turner.
As well, the security company expects to see the development of new phishing economies such as targeting the online gaming community and the development and implementation of new techniques to evade anti-phishing solutions such as block lists and the use of ready-made phishing kits. Also, Symantec expects that, with the increased adoption of software virtualization, new attacks will be developed and that virtual environments may be targeted as a way of compromising host systems.