From the Security Experts

April 14, 2009

Computer Security Threat: Malicious Code Growing at Record Pace

By SIP Trunking Report Editor

As IT security experts warn taxpayers about the potential for cyber-criminal activity as they file confidential documents with the IRS, a Cupertino, California-based security, storage and systems management solutions provider today says that it’s seen malicious code grow at a record pace.

Officials with Symantec Corp. say in their new report that the malicious code primarily targets computer users’ confidential information.
According to Stephen Trilling, vice president of the company’s security technology and response group, Symantec also is seeing attackers shift away from mass distribution of a few threats to micro-distribution of millions of distinct threats.
“Cybercriminals are profiting from creating and distributing customized threats that steal confidential information, particularly bank account credentials and credit card data,” Trilling said. “While the above ground economy suffers, the underground economy has remained consistently steady.”
That recalls some of what TMCnet heard recently from the world’s largest maker of computer networking gear. Officials at Cisco Systems Inc. say that cyber-criminals’ attacks are becoming more targeted and sophisticated.
Also, security experts from Google Inc. told us in an interview here that spammers are leveraging people’s fears in this down economy.
Here’s a look at new malicious code threats, according to Symantec:
According to Adam Swidler, a product marketing manager at Google, spammers have become more media-savvy and are using “newsy” hooks – such as an economic recession that’s fueled record unemployment levels – to get computer users to click on infected items, add a machine to a botnet and introduce malware.
“The big thing is that spammers are taking advantage of the economic situation and the kind of stress that people are feeling every day,” Swidler told TMCnet. “They’re developing content that’s related to preying upon that insecurity and people’s uncertainty, whether it’s refinancing a house, improving a resume or continuing education. In general, what we’ve seen from spammers is the ability to take advantage of what is going on.”
Symantec says in a new report, “Internet Security Threat Report Volume XIV,” that it created more than 1.6 million new malicious code signatures last year – more than 60 percent of the total malicious code signatures ever created by Symantec. The signatures helped Symantec block an average of more than 245 million attempted malicious code attacks across the globe each month during 2008, company officials say.
Here’s a look at how Symantec breaks down phish sectors by volume of phishing lures:
According to the company’s report, Web surfing is the primary source of new infections, with attackers relying more and more on customized malicious code toolkits to develop and distribute their threats. Also, 90 percent of all threats detected by Symantec during the study period attempt to steal confidential information. Threats with a keystroke-logging capability – which can be used to steal information such as online bank account credentials – made up 76 percent of threats to confidential information, up from 72 percent in 2007.
Marc Fossi, executive editor of Symantec’s new report, said that innocent Web surfers can visit a compromised Web site and unknowingly place their personal and financial information at risk.
“Computer users have to be extra vigilant about their security practices,” Fossi said.

Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.

Michael Dinan is a contributing editor for TMCnet, covering news in the IP communications, call center and customer relationship management industries. To read more of Michael's articles, please visit his columnist page.

Edited by Michael Dinan