Symantec: spam, phishing grow, botnets shrink in '04

Symantec's latest Internet Security Threat Report found phishing scams and spam growing, botnets shrinking.

A new report released by security company Symantec found that incidents of online identity theft scams, also known as "phishing attacks," skyrocketed in the second half of 2004, as did spam and new software vulnerabilities. But other Internet blights, such as zombie networks of compromised computers, or "bots," actually declined.

The number of phishing e-mail messages intercepted by Symantec grew 300 percent since June 2004, while spam e-mail traffic intercepted by Symantec increased by 77 percent and reports of serious software vulnerabilities grew by 13 percent, according to the Symantec Internet Security Threat Report. Online fraud may be driving many of the trends, as attackers turn to strategies that are useful for identity theft and other online scams, said Alfred Huger, senior director of engineering at Symantec Security Response.

The Symantec Internet Security Threat Report is a semi-annual report that brings together data from Symantec's global DeepSight network, customer networks and networks of decoy servers and e-mail accounts that the company maintains.

Symantec anti-fraud filters blocked 33 million phishing e-mail messages each week by the end of the year, compared with just 9 million a week in mid July. The problem is not likely to abate, as online criminals get more sophisticated about spoofing legitimate e-mail traffic, the report said.

Phishing scams use spam to direct Internet users to Web sites that are controlled by thieves, but designed to look like legitimate e-commerce sites. Users are asked to provide sensitive information such as a password, bank account information or a credit card number, often under the guise of updating an account.

The growth is part of a larger trend in fraud-related e-mail, said Huger. "We're seeing a financial motive behind the creation of malware," he said.

In all, Symantec noted a 64 percent increase in all types of malicious software, including viruses and Trojan horse programs in the period covered by the report, a number that excludes both spyware and adware, Huger said.

One exception to that trend was PCs belonging to zombie "bot" networks. After surging in the first half of the year, the number of computers in bot networks (or botnets) decreased, from more than 30,000 bot systems scanning the Internet each day in July to fewer than 5,000 a day by the end of the year, Symantec said.

Symantec did not cite a reason for the reduction, but said that action to shut down bot activity by large, international Internet service providers and the release of Microsoft's Windows XP Service Pack 2 update could account for the decline. However, other explanations are possible, including a shift away from huge and persistent botnets, towards smaller networks that stay online for shorter periods, Symantec said.

Behind the scenes, there is still plenty of interest in bot software. The number of new variants for bot software increased dramatically in the period covered by the study. For example, Symantec collected 4,288 unique variants of Spybot, a family of bot software, in the second half of the year -- around 23 new variants of the software every day, Huger said.

"That's the biggest leap we've ever seen, and it tells us that people are iterating the code to make it more successful, and also that there are more people in the game of writing (bot) variants," he said.

Bots and bot networks that are used in attacks for financial gain will continue to be a problem in the next six months, Symantec said. The company also predicted that worms and viruses that target vulnerabilities on software clients will become a bigger problem, and that attacks on mobile device platforms and the heretofore ignored Apple Computer's Mac operating system.

A growing number of software vulnerabilities are also fueling the rise in malicious code, Huger said.

Symantec documented more than 1,403 new vulnerabilities between July 1, 2004 and Dec. 31, 2004, an average of 54 vulnerabilities per week, compared with 48 per week in the first half of the year, Symantec said.

That growth is significant for companies that are already trying to compensate for a large number of vulnerabilities each day, Huger said.

Web applications were a rich new source of security holes, Symantec said. In the second half of 2004, 48 percent of all the vulnerabilities reported were found in Web applications, he said.

To address the growth in reported vulnerabilities, companies that develop software have to do a better job educating developers to write more secure code, Huger said.

Companies and individuals also need to follow "best practices," such as cutting of unneeded services, staying on top of software patches and enforcing password use, Symantec said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?