Online security specialist Symantec Corporation, creator of virus stopper Norton this past week published “Internet Security Threat Report (ISTR), Volume XIII” which reports the world is now home to more than one million malicious viruses, worms and Trojans — or malware as they are referred to.
The report also states online users can increasingly be infected simply by visiting everyday Web sites.
Overall, in 2007, Symantec detected 711,912 new threats compared to 125,243 in 2006 – an increase of 468 percent; this brings the total number of malicious code threats detected by Symantec to 1,122,311 as of the end of 2007.
The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications and provides a global view of the state of Internet security.
In the past, users had to visit intentionally malicious sites or click on malicious email attachments to become a victim of a security threat. Today, hackers are compromising legitimate Web sites and using them as a distribution medium to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites.
Phishing also continues to be a problem. In the last six months of 2007, Symantec observed 87,963 phishing hosts – computers that can host one or more phishing Web sites. This is an increase of 167 percent from the first half of 2007. Eighty percent of brands targeted by phishing attacks during the study period were in the financial sector.
“Avoiding the dark alleys of the Internet was sufficient advice in years past,” said Stephen Trilling, vice president, Symantec Security Technology and Response. “Today’s criminal is focused on compromising legitimate Web sites to launch attacks on end-users, which underscores the importance of maintaining a strong security posture no matter where you go and what you do on the Internet.”
The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information.
Attackers are leveraging a maturing underground economy to buy, sell and trade stolen information. This economy is now characterized by a number of traits common in traditional economies. Market forces of supply and demand were found to have a direct impact on pricing.
Stolen credit card information, accounted for 13 percent of all advertised goods – down from 22 percent in the previous period and sold for as low as $0.40. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Credit cards from the European Union, for example, cost more than those from the United States; this is most likely due to the smaller supply of cards circulating in the E.U which makes the card more valuable to a criminal.
Bank account credentials have become the most frequently advertised item making up 22 percent of all goods and selling for as little as $10.