Symantec: Data thieves thrive on zero-day flaws

By Bill Brenner, Senior News Writer
19 Mar 2007 | SearchSecurity.com


Business was good for data thieves in the second half of 2006, as they aimed their botnets and Trojan horse programs at an increasing array of zero-day flaws and took full advantage of misplaced or stolen USB flash drives. IT administrators should shield their networks from those attacks and brace for fresh phishing scams and other exploits against Windows Vista, mobile devices and virtual environments.

That's the takeaway from Symantec Corp.'s threat report for the period, released on Monday. It covers the threat landscape over the six-month period between July 1 and Dec. 31, 2006, and is similar in many respects to the vendor's threat report for the first half of 2006.

Vincent Weafer, senior director of Symantec Security Response, in Cupertino, Calif., said attackers used 2006 to continue building themselves a foundation for crime.

"Attackers are focused on data leakage and malcode that targets specific organizations and it's all about how to get your data and your assets for financial gain," he said. "The data leakage problem is about the home user as well as the enterprise. Enterprises have a responsibility to protect data, and there's a wider area to worry about as they use more VoIP and smart phones. They need to know what information is going out [via that technology]."

Among the highlights of the latest report:

  • Symantec reported more than 6 million distinct bot-infected computers worldwide during the second half of 2006, a 29% increase from the previous period. The number of command-and-control servers used to relay commands to these bots actually decreased by 25%, though Weafer attributes that to botnet owners consolidating their networks and increasing the size of their existing networks.
  • Trojans accounted for 45% of the top 50 malware samples, a 23% increase over the first six months of the year.
  • Twelve zero-day vulnerabilities were counted during the second half of 2006, marking a significant increase from the one zero-day flaw documented in the first half of the year.
  • Digital miscreants are using underground economy servers to sell stolen information, including government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts, and email address lists.
  • Theft or loss of a computer or data storage medium, such as a USB thumb drive, made up 54% of all identity theft-related data breaches.
  • Countries with the highest amount of malicious activity originating from their networks were the U.S. at 31%, China at 10% and Germany at 7%.

Weafer said botnets and other malware are also increasingly used for extortion and intimidation. "The bad guys are saying 'pay me money or I'll give you a denial of service,'" he said.

Going forward, Symantec warned IT security professionals to prepare for:

  • Threats against Windows Vista, with a focus on vulnerabilities, malicious code and attacks against the Teredo platform. Attackers will also target third-party applications that run on Vista.
  • New phishing economies, with phishers expected to expand their targets to include new industry sectors like online gaming. The bad guys will also develop and implement new techniques to sneak past anti-phishing solutions such as block lists.
  • An increase in spam and phishing attacks against mobile platforms.
  • New attacks against virtual environments as a way to compromise host systems.

