World Wide Web wicked

By Leon Engelbrecht for Symantec
Johannesburg, 10 Apr 2008

The chances of being digitally mugged at any stop-over along the information superhighway are becoming increasingly real, says Symantec.

The security software vendor`s latest Internet Security Threat Report (ISTR), Volume XIII says the Web is now the primary conduit of attack activity. It further warns that online users are increasingly at risk of malware infection by simply visiting every-day Web sites.

The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications and provides a global view of the state of Internet security.

In the past, users had to visit intentionally malicious sites or click on malicious e-mail attachments to become a victim of a security threat. Today, hackers are compromising legitimate Web sites and using them as a distribution medium to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites.

"This information is not based on surveys, but on a global intelligence network we have built," says Symantec`s regional director for Africa, Patrick Evans, of the report and its findings. "This is what we see, it is based on reality, not perceptions."

Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks. During the last six months of 2007, there were 11 253 site-specific cross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual Web sites.

However, only 473 (about 4%) of them had been patched by the administrator of the affected Web site during the same period, representing an enormous window of opportunity for hackers looking to launch attacks. Government was the top industry sector for identities exposed, accounting for 60% of the total, an increase from 12% in the previous reporting period.

Phishing

The Symantec report notes that phishing also continues to be a problem. The company says it observed 87 963 phishing hosts in the last six months of 2007 - computers that can host one or more phishing Web sites. This is an increase of 167% from the first half of 2007. Eighty percent of brands targeted by phishing attacks during the study period were in the financial sector.

The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information. Prevalent malicious threats reported to Symantec were attempts to compromise confidential information.

"The real threat with identity theft is not someone stealing money from your bank account," adds Evans. "The real threat is that you [through your stolen identity] are unwittingly laundering drug money in Uzbekistan." A full identity, the report notes, can be purchased in the underground economy for as little as R7.79 ($1).

Organised crime

Evans says online crime is becoming increasingly sophisticated and hence organised. Attackers are leveraging a maturing underground economy to buy, sell and trade stolen information. The Symantec report adds that this economy is now characterised by a number of traits common in traditional economies.

"The price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Credit cards from the European Union, for example, cost more than those from the US; this is most likely due to the smaller supply of cards circulating in the EU, which makes the card more valuable to a criminal. Bank account credentials have become the most frequently advertised item, making up 22% of all goods and selling for as little as R77.90 ($10)."

Symantec measured the release of both legitimate and malicious software during a portion of the reporting period and found that 65% of the 54 609 unique applications released to the public were categorised as malicious. This is the first time Symantec observed malicious software outpacing legitimate applications.