The Internet has always seemed like the Wild West, which is both good and bad. Anybody could take advantage of it, from bloggers wanting a soapbox to malicious hackers setting up spam networks. After all this time, one would think that the number of Trojans, phishing attacks, and other malware we have to deal with would have gone down, especially since Microsoft has been touting improvements to its security. As a recent report from Symantec shows, however, things have been getting worse rather than better.
Contributed by Joe Eitel, April 27, 2009
If, in the history of your life, you’ve used a computer, chances are you know what Norton Antivirus Software is. For those of you who live under a rock, Norton is heralded as the fastest virus, spyware, and Internet protection you can buy. The software, which is considered to provide award-winning protection, is manufactured by Symantec, a company devoted to helping consumers and organizations secure and manage their information-driven world.
Norton is perhaps one of Symantec’s most recognizable products; it works as part of Microsoft’s Windows security team, as Microsoft Windows Vista or XP are the only system requirements necessary for downloading and using Norton. According to Symantec’s website, the company takes great pride in the fact that their software and services protect against more risks at more points, more completely and efficiently, enabling consumers to feel safe no matter where their information is used and stored.
At just $60, Norton is considered quite a steal, especially considering the type of personal or financial information it is entrusted to protect on your home or office computer. The problem, however, is that even software as advanced as Norton may not be capable of protecting consumers as thoroughly as previously believed.
The Symantec Internet Security Threat Report, which is released for the benefit of consumers and those in the media, offers analysis and discussion of threat activity over a one-year period. It covers Internet threat activities, vulnerabilities, malicious code, phishing, spam, and security risks, among other things. Previously presented every six months, this volume of the Symantec Global Internet Security Threat Report will alert readers to trends and impending threats that Symantec has observed for 2008.
The fourteenth version of this much-anticipated report was released on April 14, 2009 and is currently available for viewing. The report is not for the faint of heart -- or the paranoid. If you’re the type who finds themselves constantly worrying about your personal information online and views the Internet as a frightening, dangerous place full of digital pickpockets and online identity thieves, your fears will only be validated by Symantec’s findings.
We’ll get to the findings in a moment; first it’s important to understand just how thorough Symantec is when it comes to compiling their Internet security threat report. The Norton-creator has established some of the most comprehensive sources of Internet threat data in the world through their Global Intelligence Network.
More than 240,000 sensors in over 200 countries monitor attack activity through a combination of Symantec products and services, such as the company’s DeepSight Threat Management System, Managed Security Services and Norton consumer products, as well as additional third-party data sources. Symantec also gathers malicious code intelligence from more than 130 million client, server, and gateway systems that have deployed its antivirus products. Additionally, Symantec’s distributed honeypot network collects data from around the globe, capturing previously unseen threats and attacks and providing valuable insight into attacker methods.
How the Report Works
The Symantec Internet Security Threat Report essentially consists of four reports: the Global Internet Security Threat Report; the EMEA Internet Security Threat Report, for the Europe, Middle East, and Africa region; the APJ Internet Security Threat Report, for the Asia-Pacific/Japan region; and the Government Internet Security Threat Report, which focuses on threats of specific interest to governments and critical infrastructure sectors.
Together, these reports provide a detailed overview and analysis of Internet threat activity, malicious code, and known vulnerabilities. Trends in phishing and spam are also assessed, as are observed activities on underground economy servers. The company obviously doesn’t mess around when it comes to security threats, but exactly how safe were Internet users in 2008? The findings were quite grim.
The bad news is that the report found a huge increase in the number of security holes in software. Not only that, but there has also been a significant increase in the number of Internet threats encountered by consumers, particularly attacks in which browsers are hijacked and forced to download malicious programs as people surf the Web. Of all the news found in the report, that is perhaps the most troubling, as it is capable of affecting and interfering with the work of just about anyone who uses a computer on a daily basis, which is a great majority of us.
If you only visit a few “legitimate” trusted sites during the day, don’t feel as if you’re free and clear either. The report has even found that visiting trusted Web sites isn't always safe. As a matter of fact, it has been found that most Web-based attacks target visitors to legitimate Web sites that have been compromised and that either serve up malicious content to the visitor or embed a malicious and invisible iframe on the page that redirects the user's browser to another Web server under an attacker's control. Some of the common techniques used by attackers to compromise a website include exploiting a vulnerable Web application running on the server (by attacking through improperly secured input fields), or exploiting some vulnerability present in the underlying host operating system. In 2008 alone, there were 12,885 site-specific vulnerabilities identified, and 63 percent of those vulnerabilities documented affected Web applications.
In the case of a popular, trusted site with a large number of visitors, this type of exploitation can yield thousands of compromises from a single attack. For example, one attack that targeted the websites of both the United Nations and the UK government, among others, injected malicious code that was designed to load content from an attacker-controlled location into visitors’ browsers. Another separate attack successfully defaced the national Albanian postal service website! These kinds of clever attacks provide criminals with the perfect opportunity for distributing malicious code because they target high-traffic websites of reputable organizations.
According to Symantec’s distressing report, attacks are traded in underground channels, with people buying and selling software that automates attacks or even entire botnets of infected computers that serve as spam armies. Even more troubling, it has been found that the stolen data is then marketed and offered up with price lists and guarantees. Oddly, the price of stolen data remained the same in 2008 despite the fact that the economy took a nose dive, said Zulfikar Ramzan, a technical director at Symantec Security Response.
Web-based attacks are now the primary focus for malicious activity over the Internet. The continued growth of the Internet and the number of people increasingly using it for an extensive array of activities, such as online shopping or banking, presents attackers with a growing range of targets, as well as various means to launch malicious activity. Ironically, the top Web-based attack in 2008 exploited the Microsoft IE ADODB.Stream Object File Installation Weakness vulnerability, while the top attacked vulnerability was the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.
Identity fraud is at the top of the list for many Americans when it comes to their fears. Having your identity stolen is a horrible, stressful thing to go through, and exposing your personal information online puts you at high risk.
Many of the findings in Symantec’s threat report pertain to identity fraud. For example, it has been found that nearly 80 percent of confidential information threats exposed user data and 76 percent used keystroke-logging to steal data like banking account credentials.
Also, twelve percent of all data breaches exposed credit card information, which is the most popular item for sale in the underground economy. Credit card data can range in price from 6 cents to $30, while bank account credentials range from $10 to $1,000 and e-mail accounts from 10 cents to $100. Most of the stolen credit card data for sale is from the United States.
Most data breaches that could lead to identity fraud were in the education sector, while the financial sector was the top industry for identities exposed. Theft or loss of equipment accounted for nearly half of data breaches that could lead to identity fraud and for 66 percent of identities exposed.
What Users Can Do
It’s obviously a shame that you must be cautious while surfing the web from the privacy of your own home, but in this day and age it’s become necessary to be as cautious as possible, especially when it comes to your personal information. Using Windows Security options, such as Norton, is a good place to start.
As we’ve learned, visiting trusted websites can sometimes be unsafe, but it’s important to just keep an eye out for anything unusual. If you receive unsolicited e-mails requesting personal or financial information, report them immediately. Also, being in the know about current online vulnerabilities will assist you in being able to detect anything unusual while online.
Symantec facilitates the “BugTraq,” which is a popular mailing list and forum for the disclosure and discussion of vulnerabilities on the Internet. The newsletter has approximately 50,000 subscribers who contribute, receive, and discuss vulnerability research on a daily basis.