What Are the Web's Worst Security Problems?

Phishing scams and spam are on the rise, while botnets are shrinking, Symantec says.

Paul Roberts, IDG News Service

A new report released by security company Symantec found that incidents of online identity theft scams, also known as "phishing attacks," skyrocketed in the second half of 2004, as did spam and new software vulnerabilities. But other Internet blights, such as zombie networks of compromised computers, or "bots," actually declined.

The number of phishing e-mail messages intercepted by Symantec grew 300 percent since June 2004, while spam e-mail traffic intercepted by Symantec increased by 77 percent and reports of serious software vulnerabilities grew by 13 percent, according to the Symantec Internet Security Threat Report. Online fraud may be driving many of the trends, as attackers turn to strategies that are useful for identity theft and other online scams, says Alfred Huger, senior director of engineering at Symantec Security Response.

The Symantec Internet Security Threat Report is a semi-annual report that brings together data from Symantec's global DeepSight network, customer networks, and networks of decoy servers and e-mail accounts that the company maintains.

Going Phishing

Symantec anti-fraud filters blocked 33 million phishing e-mail messages each week by the end of the year, compared with just 9 million a week in mid July. The problem is not likely to abate, as online criminals get more sophisticated about spoofing legitimate e-mail traffic, the report says.

Phishing scams use spam to direct Internet users to Web sites that are controlled by thieves, but are designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, bank account information, or a credit card number, often under the guise of updating an account.

The growth is part of a larger trend in fraud-related e-mail, says Huger. "We're seeing a financial motive behind the creation of malware," he says.

In all, Symantec noted a 64 percent increase in all types of malicious software, including viruses and Trojan horse programs in the period covered by the report, a number that excludes both spyware and adware, Huger says.

Attack of the Zombies

One exception to that trend was PCs belonging to zombie "bot" networks. After surging in the first half of the year, the number of computers in bot networks (or botnets) decreased, from more than 30,000 bot systems scanning the Internet each day in July to fewer than 5000 a day by the end of the year, Symantec says.

Symantec did not cite a reason for the reduction, but says that action to shut down bot activity by large, international Internet service providers and the release of Microsoft's Windows XP Service Pack 2 update could account for the decline. However, other explanations are possible, including a shift away from huge and persistent botnets, towards smaller networks that stay online for shorter periods, Symantec says.

Behind the scenes, there is still plenty of interest in bot software. The number of new variants for bot software increased dramatically in the period covered by the study. For example, Symantec collected 4288 unique variants of Spybot, a family of bot software, in the second half of the year--around 23 new variants of the software every day, Huger says.

"That's the biggest leap we've ever seen, and it tells us that people are iterating the code to make it more successful, and also that there are more people in the game of writing [bot] variants," he says.

Bots and bot networks that are used in attacks for financial gain will continue to be a problem in the next six months, Symantec says. The company also predicted that worms and viruses that target vulnerabilities on software clients will become a bigger problem, and that attacks on mobile device platforms and the heretofore ignored Apple Computer's Mac operating system.

Software Flaws

A growing number of software vulnerabilities are also fueling the rise in malicious code, Huger says.

Symantec documented more than 1403 new vulnerabilities between July 1, 2004 and December 31, 2004, an average of 54 vulnerabilities per week, compared with 48 per week in the first half of the year, Symantec says.

That growth is significant for companies that are already trying to compensate for a large number of vulnerabilities each day, Huger says.

Web applications were a rich new source of security holes, Symantec says. In the second half of 2004, 48 percent of all the vulnerabilities reported were found in Web applications, he says.

To address the growth in reported vulnerabilities, companies that develop software have to do a better job educating developers to write more secure code, Huger says.

Companies and individuals also need to follow "best practices," such as cutting of unneeded services, staying on top of software patches and enforcing password use, Symantec says.