Online crime more sophisticated, professional: Symantec
Last Updated: Monday, March 19, 2007 | 8:55 AM ET
CBC News
Related
Internal Links
Online criminals looking for sensitive information are diversifying their strategies and turning their attention to lower-level vulnerabilities in software, security company Symantec said in a report released Monday.
"From an attack perspective, the line between high- and medium-severity vulnerabilities has blurred," Dean Turner of Symantec told CBC News Online. "In a way, that's good news. First, that's because there aren't as many high severity vulnerabilities and they get patched almost immediately."
But the same cannot be said of lesser security holes in software, he suggested. "Medium vulnerabilities remain unpatched for a longer term," making them ripe for exploitation, he said.
Malicious activity increasing
Turner was the principal author of Symantec's semi-annual Internet Security Threat Report, in which the company said it has, over the past year, observed a rise in malicious online activity, which now includes systematically co-ordinating various attack methods such as viruses, phishing, Trojans, bot networks and spam.
For example, a software vulnerability could be exploited by infecting a computer with a virus or Trojan — a program that appears to perform one function but disguises its malicious purpose — or tricking the user into disclosing sensitive information such as a password through a phishing scam.
The technique could enable the attacker to hijack a computer and turn it into part of a bot network that sends out infected e-mails or spam that lures more potential victims to a phishing or Trojan site that steals their information.
The value of the stolen information or finances to which it grants access is almost impossible to gauge, Turner told CBC News Online.
"It's hard to track real dollar amounts for this sort of thing," said Turner. "I've seen estimates of anywhere from hundreds of millions to billions of dollars. The truth is probably somewhere in between."
Turner said Symantec had observed that at least some of the malicious activity had shifted from something done by teenagers showing off to their peers to an almost normalized occupation.
"There's certainly a professional aspect," he said, citing the Bancos family of Trojans — which created fake login pages for certain Brazilian banking sites to steal usernames and passwords — as an example. "We felt it was a 9-to-5 job and when we looked at the release times and dates, that's what we found."
Attackers are also sending out more "pump and dump" stock spam, the report notes.
When a mass e-mail dupes enough people into investing in a stock to drive its price up, criminals can profit from the movement in the market, Turner said.
"These guys are sophisticated," Turner said. "We see a lot of spam disguised as legitimate looking investment newsletters."
New types of threats
The report, covering the period July 1 to Dec. 31, 2006, tracked a number of security threat indicators for the first time in response to trends Symantec had been observing, Turner said.
One such indicator was the origin of threats. Symantec noted the countries responsible for the most malicious activity, finding the United States was responsible for 31 per cent, followed by China with 10 per cent and Germany with seven per cent.
"Where you have the highest internet penetration will also be where you have the most malicious activity, so that's not surprising," Turner said.
'Where you have the highest internet penetration will also be where you have the most malicious activity.'—Dean Turner, Symantec
In contrast, the proportion of malicious activity attributable to a single user on average placed Israel at the top of the list of top 25 offenders. Israel was responsible for nine per cent of online attacks, followed closely by Taiwan at eight per cent and Poland with six.
Infected computers that were hijacked into being part of an active bot network that distributes malicious code or spam e-mail rose 11 per cent to about 63,912 infections a day, while the overall figure for compromised computers was 6,049,594, a 29 per cent increase over the first half of 2006.
The company tracked stolen data for the first time in the new report, finding that 51 per cent of trade in credit cards and stolen identities was conducted on computer servers in the U.S. The government sector worldwide led in potential identity theft data breaches, at a quarter of all such incidents.
Spam made up 59 per cent of all e-mail traffic observed, up five points over the first half of the year when it was 54 per cent.
The report also found that the number of vulnerabilities that were reported and exploitable on the same day rose sharply, with 12 of the so-called "zero-day" vulnerabilities in the latter half of 2006 compared to just one in the first part of the year.
Share Tools
Top News Headlines
- Adele wins best album, best record Grammys
- Adele capped off a "life-changing" year by winning six Grammys Sunday night, including record of the year and album of the year for 21 more »
- 'Disgusting' court backlog may free hit and run accused
- The family of a young mother killed in a hit and run is outraged that the case against the alleged driver is among thousands in B.C. at risk of being thrown out because of a huge court backlog. more »
- CBC launches digital music service
- CBC is diving into the world of online music with the goal of providing listeners access to their favourite tunes and a way to discover new artists and connect with fellow music fans. more »
- Whitney Houston death shows no signs of trauma
- Whitney Houston's life of glorious song and unnerving self-destruction apparently ended on Grammy weekend, but it could be weeks before investigators know exactly why she died. more »
Latest Technology & Science News Headlines
- CBC launches digital music service
- CBC is diving into the world of online music with the goal of providing listeners access to their favourite tunes and a way to discover new artists and connect with fellow music fans. more »
- Video game's 50th anniversary marked by MIT
- Students at MIT celebrated the 50th anniversary of Spacewar!, the first videogame in history, by re-creating it on a computer the size of a business card. more »
- NASA to scale back Mars exploration
- Scientists say NASA is about to propose major cuts in its exploration of other planets, especially Mars, with the space agency's former science chief calling the plan irrational. more »
- Create-your-own-app product to launch in Moncton
- A Moncton entrepreneur is hoping to revolutionize the way mobile applications are created by launching a new product that allows people to develop their own app within minutes. more »
Bob McDonald's Blog
Glacier Discovery Walk: Will the visitor centre enhance the view? Feb. 10, 2012 3:17 PM Environment minister Peter Kent has announced the construction of a new Glacier Discovery Walk and visitor centre on the Icefields Parkway in Jasper National Park. It raises the issue of how to balance commercial development in our National Parks against the preservation of the last refuges of wilderness.
Quirks & Quarks
- February 11: Inside the Mind of a Neandertal Feb. 10, 2012 4:01 PM Can we get inside the mind of a species that's been dead for 30,000 years? A new book, How to Think Like a Neanderthal, suggests we can. The authors reconstruct a creature like us in many ways, but with important differences.
Latest Features
- Adele wins best album, best record Grammys
- Whitney Houston autopsy results withheld
- Hit and run victim's family fears accused will walk
- Quebec town 'heartbroken' after killing of woman, sisters
- Pop queen Whitney Houston dies at 48
- Manitoba man dies after falling off moving SUV
- 2 vehicles sink on river highway
- Doors blocked in fatal Manitoba trailer blaze
- Greece passes new austerity deal amid rioting
