A new report released by security company Symantec found that incidents of online identity theft scams, also known as "phishing attacks," skyrocketed in the second half of 2004, as did spam and new software vulnerabilities. But other Internet blights, such as zombie networks of compromised computers, or "bots," actually declined.
The number of phishing e-mail messages intercepted by Symantec grew 300 percent since June 2004, while spam e-mail traffic intercepted by Symantec increased by 77 percent and reports of serious software vulnerabilities grew by 13 percent, according to the Symantec Internet Security Threat Report. Online fraud may be driving many of the trends, as attackers turn to strategies that are useful for identity theft and other online scams, said Alfred Huger, senior director of engineering at Symantec Security Response.
The Symantec Internet Security Threat Report is a semi-annual report that brings together data from Symantec's global DeepSight network, customer networks and networks of decoy servers and e-mail accounts that the company maintains.
Symantec anti-fraud filters blocked 33 million phishing e-mail messages each week by the end of the year, compared with just 9 million a week in mid July. The problem is not likely to abate, as online criminals get more sophisticated about spoofing legitimate e-mail traffic, the report said.
Phishing scams use spam to direct Internet users to Web sites that are controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, bank account information or a credit card number, often under the guise of updating an account.
The growth is part of a larger trend in fraud-related e-mail, said Huger. "We're seeing a financial motive behind the creation of malware," he said.
In all, Symantec noted a 64 percent increase in all types of malicious software, including viruses and Trojan horse programs in the period covered by the report, a number that excludes both spyware and adware, Huger said.
One exception to that trend was PCs belonging to zombie "bot" networks. After surging in the first half of the year, the number of computers in bot networks (or botnets) decreased, from more than 30,000 bot systems scanning the Internet each day in July to fewer than 5,000 a day by the end of the year, Symantec said.
Symantec did not cite a reason for the reduction, but said that action to shut down bot activity by large, international Internet service providers and the release of Microsoft's Windows XP Service Pack 2 update could account for the decline. However, other explanations are possible, including a shift away from huge and persistent botnets, towards smaller networks that stay online for shorter periods, Symantec said.
Behind the scenes, there is still plenty of interest in bot software. The number of new variants for bot software increased dramatically in the period covered by the study. For example, Symantec collected 4,288 unique variants of Spybot, a family of bot software, in the second half of the year -- around 23 new variants of the software every day, Huger said.
"That's the biggest leap we've ever seen, and it tells us that people are iterating the code to make it more successful, and also that there are more people in the game of writing (bot) variants," he said.
Bots and bot networks that are used in attacks for financial gain will continue to be a problem in the next six months, Symantec said. The company also predicted that worms and viruses that target vulnerabilities on software clients will become a bigger problem, and that attacks on mobile device platforms and the heretofore ignored Apple Computer's Mac operating system.
A growing number of software vulnerabilities are also fueling the rise in malicious code, Huger said.
Symantec documented more than 1,403 new vulnerabilities between July 1, 2004 and Dec. 31, 2004, an average of 54 vulnerabilities per week, compared with 48 per week in the first half of the year, Symantec said.
That growth is significant for companies that are already trying to compensate for a large number of vulnerabilities each day, Huger said.
Web applications were a rich new source of security holes, Symantec said. In the second half of 2004, 48 percent of all the vulnerabilities reported were found in Web applications, he said.
To address the growth in reported vulnerabilities, companies that develop software have to do a better job educating developers to write more secure code, Huger said.
Companies and individuals also need to follow "best practices," such as cutting of unneeded services, staying on top of software patches and enforcing password use, Symantec said.