Monthly newsletter Weekly news roundup Breaking news notification    

UK is top of the bots

Get free weekly news by e-mailThe UK has emerged as the country with the highest percentage of worldwide bot-infected computers, according to the latest Symantec Internet Security Threat Report.  Britain has more than a quarter (25.2 per cent) of all bots – software programs that are covertly installed on computers allowing unauthorised access for malicious purposes like identity theft and online fraud – with the US (24.6 per cent) and China (7.8 per cent) in second and third place. 

The statistics, taken from Symantec’s global Threat Report for the period July to December 2004, are based on the number of computers worldwide that are known to be infected with bots and the percentage situated in each country. Knowing where bot-infected computers are located is important, as a high percentage of infected machines could lead to a greater potential for bot-related attacks, and it provides an indication of the level of security awareness in different countries.

While, overall, the number of bot-infected computers declined from 30,000+ a day in July to an average of less than 5,000 a day by December, the severity and risks associated with them continues to be a major problem, most notably with a shift towards bots and bot networks being used for financial gain.

“The fact that Britain has the highest percentage of bot infections is significant because it is directly linked to the rapid roll-out of broadband in this country,” explained Nigel Beighton, Symantec’s Director of Enterprise Strategy, EMEA.  “We saw 93 percent growth in broadband connections last year and this has had a huge impact on the number of people accessing the Internet. 

“Unfortunately, new broadband users may not be fully aware of the additional safety precautions that need to be taken when using an always-on high-speed Internet connection.  Clearly, awareness around security issues is improving and it’s making a notable difference, but education still remains the number one challenge.”

Attack trends:
* Organisations received 13.6 attacks per day, up from 10.6 in the previous six months.

* The United States continues to be the top attack source country, followed by China and Germany.

* For the third reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly known as the Slammer attack) was the most common attack, used by 22 per cent of all attackers.  The second most common attack was the TCP SYN Flood Denial of Service Attacked, which was launched by 12 per cent of attackers.

* The financial services sector experienced the highest ratio of severe attacks, with 16 severe events per 10,000 security events.

* Known bot network computers declined from over 30,000 per day in late July to an average of below 5,000 per day by the end of the year.  The United Kingdom had a higher percentage of bot-infected computers than any other country

Vulnerability trends:
* The time between the disclosure of a vulnerability and the release of associated exploit code remained extremely short at 6.4 days.

* Symantec documented 1,403 new vulnerabilities, a 13 percent increase over the previous six-month period. Ninety-seven per cent of documented vulnerabilities were considered either highly or moderately severe. Moreover, 70 percent of all documented vulnerabilities were classified as easily exploitable.

* Web application vulnerabilities made up 48 percent of all vulnerabilities disclosed, up from 39 percent in the first half of 2004. Vulnerabilities targeting Web applications are often classified as easily exploitable.

* Vulnerabilities are affecting new alternative browser distributions. During the last six months of 2004, 21 vulnerabilities affecting Mozilla browsers were disclosed, compared to 13 vulnerabilities affecting Microsoft Internet Explorer. Six vulnerabilities were reported in Opera.

Malicious code trends:
* As in previous reports, mass-mailing worms dominated the top malicious code reported over the last six months of 2004. Eight of the top 10 samples reported to Symantec during this period were variants of mass-mailer worms that have been seen in previous reports, including Netsky, Sober, Beagle, and MyDoom.

* Two bots were present in the top 10 malicious code samples, compared to just one in the previous reporting period. Gaobot was the third most frequently reported sample over the past six months, followed by Spybot. Moreover, 4,300 new distinct variants of Spybot were reported, an increase of 180 per cent over the previous six months.

* Symantec documented more than 7,360 new Windows 32 viruses and worms, an increase of 64 per cent over the first half of the year and an increase of more than 332 per cent over the 1,702 documented in the second half of 2003. As of Dec. 31, 2004, the total number of Windows 32 variants approached 17,500.

* Malicious code that exposes confidential information made up 54 percent of the top 50 malicious code samples, up from 44 percent in the previous reporting period and 36 percent in the second half of 2003. This represents a 23 percent increase between the current period and the first half of 2004 and a 50 percent increase over the same period the previous year.

* At the end of the reporting period, there were 21 known samples of malicious code for mobile applications, up from one—the Cabir worm—in June 2004. Among the new threats were the Duts virus, the first threat to Windows CE; and the Mos Trojan, which was discovered in a Symbian game.

Additional security risks:
* By the end of December 2004, Symantec Brightmail AntiSpam antifraud filters were blocking an average of 33 million phishing attempts per week, up from an average of 9 million per week in July 2004.  This represents an increase of over 366 per cent.

* In the last six months of 2004, adware programs made up five per cent of the top 50 Symantec customer reports, up from four percent in the previous report. Iefeats was the most commonly reported adware program, accounting for 36 percent of top 10 reports.

* Webhancer was the most frequently reported spyware program during the second half of 2004, representing 38 per cent of the top 10 spyware reported.

* Five of the top 10 adware reported samples were installed via a Web browser. Nine of the top 10 reported spyware programs were bundled with other software.

* Symantec reported a 77 percent growth in spam for companies whose systems were monitored for spam; the weekly totals of spam rose from an average of 800 million spam messages per week to well over 1.2 billion spam messages per week by the end of the reporting period. Moreover, spam made up more than 60 percent of all e-mail traffic observed by Symantec during this period.

Future and emerging trends:
* The use of bots and bot networks for financial gain will increase, especially as the diverse means of acquiring new bots and developing bot networks become more prevalent.

* Malicious code targeting mobile devices is expected to increase in number and severity. With many groups researching vulnerabilities in Bluetooth-enabled devices, the possibility of a worm or some other type of malicious code propagating by exploiting these vulnerabilities increases.

* Symantec expects that client-side attacks using worms and viruses as propagation methods will become more common.

* Attacks hidden in embedded content in audio and video images are expected to increase. This is a concern as image files are ubiquitous, almost universally trusted, and an integral part of modern day computing.

* Symantec expects security risks associated with adware and spyware to increase. Impending legislation to curb these risks is not expected to be an effective or sufficient deterrent on its own.

www.symantec.com

Date: 23rd March 2005 • Region: UK/World Type: Article •Topic: ISM
Rate this article or make a comment - click here



Copyright 2005 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help