Symantec: spam, phishing grow, botnets shrink in '04

Symantec's latest Internet Security Threat Report found phishing scams and spam growing, botnets shrinking.

A new report released by security company Symantec found that incidents of online identity theft scams, also known as "phishing attacks," skyrocketed in the second half of 2004, as did spam and new software vulnerabilities. But other Internet blights, such as zombie networks of compromised computers, or "bots," actually declined.

The number of phishing e-mail messages intercepted by Symantec grew 300 percent since June 2004, while spam e-mail traffic intercepted by Symantec increased by 77 percent and reports of serious software vulnerabilities grew by 13 percent, according to the Symantec Internet Security Threat Report. Online fraud may be driving many of the trends, as attackers turn to strategies that are useful for identity theft and other online scams, said Alfred Huger, senior director of engineering at Symantec Security Response.

The Symantec Internet Security Threat Report is a semi-annual report that brings together data from Symantec's global DeepSight network, customer networks and networks of decoy servers and e-mail accounts that the company maintains.

Symantec anti-fraud filters blocked 33 million phishing e-mail messages each week by the end of the year, compared with just 9 million a week in mid July. The problem is not likely to abate, as online criminals get more sophisticated about spoofing legitimate e-mail traffic, the report said.

Phishing scams use spam to direct Internet users to Web sites that are controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, bank account information or a credit card number, often under the guise of updating an account.

The growth is part of a larger trend in fraud-related e-mail, said Huger. "We're seeing a financial motive behind the creation of malware," he said.

In all, Symantec noted a 64 percent increase in all types of malicious software, including viruses and Trojan horse programs in the period covered by the report, a number that excludes both spyware and adware, Huger said.

One exception to that trend was PCs belonging to zombie "bot" networks. After surging in the first half of the year, the number of computers in bot networks (or botnets) decreased, from more than 30,000 bot systems scanning the Internet each day in July to fewer than 5,000 a day by the end of the year, Symantec said.

Symantec did not cite a reason for the reduction, but said that action to shut down bot activity by large, international Internet service providers and the release of Microsoft's Windows XP Service Pack 2 update could account for the decline. However, other explanations are possible, including a shift away from huge and persistent botnets, towards smaller networks that stay online for shorter periods, Symantec said.

Behind the scenes, there is still plenty of interest in bot software. The number of new variants for bot software increased dramatically in the period covered by the study. For example, Symantec collected 4,288 unique variants of Spybot, a family of bot software, in the second half of the year -- around 23 new variants of the software every day, Huger said.

"That's the biggest leap we've ever seen, and it tells us that people are iterating the code to make it more successful, and also that there are more people in the game of writing (bot) variants," he said.

Bots and bot networks that are used in attacks for financial gain will continue to be a problem in the next six months, Symantec said. The company also predicted that worms and viruses that target vulnerabilities on software clients will become a bigger problem, and that attacks on mobile device platforms and the heretofore ignored Apple Computer's Mac operating system.

A growing number of software vulnerabilities are also fueling the rise in malicious code, Huger said.

Symantec documented more than 1,403 new vulnerabilities between July 1, 2004 and Dec. 31, 2004, an average of 54 vulnerabilities per week, compared with 48 per week in the first half of the year, Symantec said.

That growth is significant for companies that are already trying to compensate for a large number of vulnerabilities each day, Huger said.

Web applications were a rich new source of security holes, Symantec said. In the second half of 2004, 48 percent of all the vulnerabilities reported were found in Web applications, he said.

To address the growth in reported vulnerabilities, companies that develop software have to do a better job educating developers to write more secure code, Huger said.

Companies and individuals also need to follow "best practices," such as cutting of unneeded services, staying on top of software patches and enforcing password use, Symantec said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments

Brand Post

Imou: At home with security

Modern living is all about functionality and security for everybody from the very young to the very old. With Imou anybody can enjoy smart life – the solution is at their fingertips.

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?