Symantec: spam, phishing grow, botnets shrink in '04

A new report released by security company Symantec found incidents of online identity theft scams, also known as "phishing attacks", skyrocketed in the second half of 2004, as did spam and new software vulnerabilities. But other Internet blights, such as zombie networks of compromised computers, or "bots", actually declined.

The number of phishing -mail messages intercepted by Symantec grew 300 per cent since June 2004, while spam email traffic intercepted by Symantec increased by 77 per cent and reports of serious software vulnerabilities grew by 13 per cent, according to the Symantec Internet Security Threat Report. Online fraud might be driving many of the trends, as attackers turn to strategies that were useful for identity theft and other online scams, senior director of engineering at Symantec Security Response, Alfred Huger, said.

The Symantec Internet Security Threat Report is a semi-annual report that brings together data from Symantec's global DeepSight network, customer networks and networks of decoy servers and e-mail accounts that the company maintains.

Symantec anti-fraud filters blocked 33 million phishing email messages each week by the end of the year, compared with just 9 million a week in mid-July.

The problem was not likely to abate, as online criminals got more sophisticated about spoofing legitimate email traffic, the report said.

Phishing scams use spam to direct Internet users to websites that are controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, bank account information or a credit card number, often under the guise of updating an account.

The growth was part of a larger trend in fraud-related email, Huger said.

"We're seeing a financial motive behind the creation of malware," he said.

In all, Symantec noted a 64 per cent increase in all types of malicious software, including viruses and Trojan horse programs in the period covered by the report, a number that excluded both spyware and adware, Huger said.

One exception to that trend was PCs belonging to zombie "bot" networks. After surging in the first half of the year, the number of computers in bot networks (or botnets) decreased, from more than 30,000 bot systems scanning the Internet each day in July to fewer than 5000 a day by the end of the year, Symantec said.

Symantec did not cite a reason for the reduction, but said that action to shut down bot activity by large, international Internet service providers and the release of Microsoft's Windows XP Service Pack 2 update could account for the decline.

However, other explanations were possible, including a shift away from huge and persistent botnets, towards smaller networks that stayed online for shorter periods, Symantec said.

Behind the scenes, there is still plenty of interest in bot software. The number of new variants for bot software increased dramatically in the period covered by the study.

For example, Symantec collected 4288 unique variants of Spybot, a family of bot software, in the second half of the year - around 23 new variants of the software every day, Huger said.

"That's the biggest leap we've ever seen, and it tells us that people are iterating the code to make it more successful, and also that there are more people in the game of writing [bot] variants," he said.

Bots and bot networks that are used in attacks for financial gain would continue to be a problem in the next six months, Symantec said. The company also predicted that worms and viruses that target vulnerabilities on software clients would become a bigger problem, and that attacks on mobile device platforms and the heretofore ignored Apple's Mac operating system.

A growing number of software vulnerabilities were also fueling the rise in malicious code, Huger said.

Symantec documented more than 1403 new vulnerabilities between July 1, 2004 and December 31, 2004, an average of 54 vulnerabilities per week, compared with 48 per week in the first half of the year, Symantec said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Most Popular Reviews

Best Deals on PC World

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?