Highlights of Symantec’s 10th Internet security threat report:
Attack Trends:
Microsoft Internet Explorer gets the award for most frequently targeted Web browser, or 47 per cent of all browser attacks.Internet service providers were the most frequently targeted sector
Vulnerability Trends:
Symantec recorded 2,249 new threats in first six months of 2006, up 18 per cent over second half of 2005. Scary, because that is also the highest ever recorded in a six-month period. Web-application vulnerabilities earned a whopping 69 per cent of all vulnerabilities that were reported. Out of all the vulnerabilities disclosed, 88 per cent were considered easily exploitable with 78 per cent of that total affecting Web applications. Internet Explorer had average window of exposure of nine days, followed by Apple Safari at five days and Mozilla one day.
Malicious Code Trends:
Out of all distinct malicious code samples detected by Symantec’s “honey-pot” system, 18 per cent were not previously seen. The most widespread new malicious code award goes to the Polip family of “polymorphic viruses” that are elusive and difficult to remove. Out of the top 50 malicious codes, 38 were worms. Symantec documented 6,784 new Win32 viruses and worms. Out of the top 50 malicious code samples, 30 exposed confidential information.
Phishing and Spam:
Symantec found a whopping 157,477 unique phishing messages in first half of 2006. That’s up 81 per cent over previous reporting period with the biggest phishing target being financial services. Everyone’s most hated email inbox occupier, Spam made up 54 per cent of all monitored email traffic (up 50 per cent) and the United States is the source of 58 per cent of all the spam found worldwide.
Future Watch:
No good news here. Future predictions and trends include speculation that polymorphic viruses will likely grow because the little bastards are difficult to find and kill. Also, web-based applications will increase attack potentials as the public moves to more online-based programs. This will inevitably mean more users will be exposed to attacks. Finally, with Microsoft being a target of a lot of the online action, the company’s upcoming Vista release — scheduled for release in 2007 — will be a battleground for new malicious attacks.
