A new report released by security company Symantec found incidents of online identity theft scams, also known as "phishing attacks", skyrocketed in the second half of 2004, as did spam and new software vulnerabilities. But other Internet blights, such as zombie networks of compromised computers, or "bots", actually declined.
The number of phishing -mail messages intercepted by Symantec grew 300 per cent since June 2004, while spam email traffic intercepted by Symantec increased by 77 per cent and reports of serious software vulnerabilities grew by 13 per cent, according to the Symantec Internet Security Threat Report. Online fraud might be driving many of the trends, as attackers turn to strategies that were useful for identity theft and other online scams, senior director of engineering at Symantec Security Response, Alfred Huger, said.
The Symantec Internet Security Threat Report is a semi-annual report that brings together data from Symantec's global DeepSight network, customer networks and networks of decoy servers and e-mail accounts that the company maintains.
Symantec anti-fraud filters blocked 33 million phishing email messages each week by the end of the year, compared with just 9 million a week in mid-July.
The problem was not likely to abate, as online criminals got more sophisticated about spoofing legitimate email traffic, the report said.
Phishing scams use spam to direct Internet users to websites that are controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, bank account information or a credit card number, often under the guise of updating an account.
The growth was part of a larger trend in fraud-related email, Huger said.
"We're seeing a financial motive behind the creation of malware," he said.
In all, Symantec noted a 64 per cent increase in all types of malicious software, including viruses and Trojan horse programs in the period covered by the report, a number that excluded both spyware and adware, Huger said.
One exception to that trend was PCs belonging to zombie "bot" networks. After surging in the first half of the year, the number of computers in bot networks (or botnets) decreased, from more than 30,000 bot systems scanning the Internet each day in July to fewer than 5000 a day by the end of the year, Symantec said.
Symantec did not cite a reason for the reduction, but said that action to shut down bot activity by large, international Internet service providers and the release of Microsoft's Windows XP Service Pack 2 update could account for the decline.
However, other explanations were possible, including a shift away from huge and persistent botnets, towards smaller networks that stayed online for shorter periods, Symantec said.
Behind the scenes, there is still plenty of interest in bot software. The number of new variants for bot software increased dramatically in the period covered by the study.
For example, Symantec collected 4288 unique variants of Spybot, a family of bot software, in the second half of the year - around 23 new variants of the software every day, Huger said.
"That's the biggest leap we've ever seen, and it tells us that people are iterating the code to make it more successful, and also that there are more people in the game of writing [bot] variants," he said.
Bots and bot networks that are used in attacks for financial gain would continue to be a problem in the next six months, Symantec said. The company also predicted that worms and viruses that target vulnerabilities on software clients would become a bigger problem, and that attacks on mobile device platforms and the heretofore ignored Apple's Mac operating system.
A growing number of software vulnerabilities were also fueling the rise in malicious code, Huger said.
Symantec documented more than 1403 new vulnerabilities between July 1, 2004 and December 31, 2004, an average of 54 vulnerabilities per week, compared with 48 per week in the first half of the year, Symantec said.