Symantec Security Report Examines Second Half of 2007
Posted by Laureli Mallek
Last week Symantec Corp released a security report summarizing findings from the last six months of 2007. Similar to findings in StopBadware’s Trends in Badware 2007 report, Symantec finds that badware, malware, spyware, and bots develop rapidly in the current internet environment.
Symantec reports that the second half of 2007 saw a rapid expansion in the amount of bad code generated:
“In the second half of 2007, 499,811 new malicious code threats were reported to Symantec, a 136 percent increase over the first half of 2007.” Within this sample, the report states that:
- “Symantec identified 11,253 site-specific cross-site scripting vulnerabilities in the last six months of 2007, compared to 6,961 in the first half (though with measurement beginning only in February).”
Site-specific cross-site scripting is a technique used to initiate drive-by downloads, an increasingly popular method of distributing malicious code to users. These downloads can be executed in a variety of ways, with iframes located within the body of a website or hidden in third-party advertising.
- “The Symantec Probe Network detected a total of 207,547 unique phishing messages, a five percent increase over the first six months of 2007. This equates to an average of 1,134 unique phishing messages per day for the second half of 2007.”
- “Threats to confidential information made up 68 percent of the volume of the top 50 potential malicious code infections reported to Symantec.”
These threats relate to identity theft and to bank or PayPal account information. In short, badware producers maintain their focus on these types of data, but are developing new methods of accessing it.
The Symantec report documents a shift towards organization and refinement, a trend towards organization similar to legitimate industry. Matt Hines at PC World writes:
“From the groups of exploit developers marketing malware toolkits to aspiring attackers to the people buying and selling stolen credentials, the entire landscape of electronic crime is taking off and increasingly resembles the security software community that is working to thwart it.”
The report also discusses an evolution occurring in botnets. The number of command-and-control servers associated with botnets has declined, while the number of operational botnets has remained higher than expected. Symantec attributes decreases in the prevalence of botnets to “better detection solutions and methods,” and suggests that botnets are now being controlled through methods such as HTTP or P2P, both of which are currently more difficult to detect.
