Malicious attack trends: good, bad, and worse

So, who is the enemy? When fighting malicious hackers and malware, it helps to know who the enemy is. Symantec’s Internet Security Threat Report, Vol. VIII is a good place to start. Its findings echo InfoWorld’s own security survey and report.

Even though the Symantec report represents just one vendor’s view on the changing threat space, Symantec is pulling its data from 24,000 sensors in more than 180 companies participating in its DeepSight Threat Management System and Symantec Managed Security Services. Here are some of the most interesting points:

-- Overall number of attacks against a particular site in a given day have decreased.

-- Increase of hacking for profit: If you haven’t learned this point yet, hacking is big business now. Hacking used to be for script kiddies and technical wizards trying to prove a point and gain Net cred. Today, they are being crowded out by hackers making a living. Hackers use increasingly sophisticated worms, Trojans, and bots that they then sell to the highest bidder. Bidders are looking to send spam and adware, increase click-through rates, implement random DoS attacks, and steal credit card information, identity information, corporate information, and anything else that will turn a quick profit.

-- Increase in bot nets (closely related to the first point).

-- Information theft is on the rise. Seventy-four percent of most popular code submitted to Symantec had the ability to steal information. Again, this is strongly related to the first two points.

-- Nearly 11,000 new malware programs were identified in the first half of 2005 -- up 48 percent from 2004. Most of the increase is due to variants.

-- Mozilla-based browsers had more vulnerabilities than Internet Explorer in 2005. Per http://www.secunia.com, Firefox had 20 vulnerabilities vs. IE’s 12, and Firefox had more critical vulnerabilities that allowed complete system compromise. This, of course, doesn’t mean that Firefox is more risky; it’s newer and is expected to have more bugs initially, but it does mean that open source browsers aren’t a defensive panacea. Can anyone code a secure, usable browser that substantially withstands the hacker threat that accompanies larger market shares? It would be interesting to see how Opera would handle increased scrutiny if it gained a larger market share.

-- Spam still accounts for the majority of e-mail on the Internet today. Nearly two years since President Bush signed the Can Spam law, spam control is no better than it was then. There may have been some token arrests, but when a convicted spammer is only paying negotiated fines that he can make back in a day, what's the incentive to be scared of actual prosecution? Of course, anyone really interested in fighting spam was against the defanged Can Spam legislation in the first place -- it was a spam giveaway. Anybody in Congress paying attention?

-- Phishing attacks increased in 2005.

-- SQL Slammer worm-style attack code was the most popular attack by a wide margin against a network. Remember, old exploits often cause more damage than the new stuff.