The year 2008 saw a huge increase in malicious code threats, and the United States retained the dubious distinction of being the top cyber sore spot, according to Symantec's Internet Security Threat Report for 2008.
The security firm identified 1,656,227 new malicious-code threats, up 265% from the year before, and financially motivated criminal activity was a recurring theme. In addition, Symantec observed 75,158 active bot-infected computers per day last year, an increase of 31% from 2007.
China had the most bot-infected computers in 2008, accounting for 13% of the worldwide total (down from the 19% it held the year before). The United States, meanwhile, housed the most bot command-and-control servers, with 33% of the total.
"The popular idea is that attacks from botnets come from China, but they're not necessarily controlled by Chinese people," says Dean Turner, director of global intelligence network at Symantec Security Response. "We can only trace them back to the last hop."
In terms of raw numbers, the United States and China have the most Internet users in the world, says Turner, noting that factors such as "good available bandwidth" and the "high rate of computer literacy" appear to impact where crime-related online activity will focus. China may be No. 1 in bot-infected computers simply because of the software piracy and failure to patch there, he points out.
In the region that comprises Europe and the Middle East, the top city last year for bot infections was Lisbon, Portugal. Russia was the top country for bot command-and-control servers, and Ukraine was the top country for Web-based attacks in 2008.
Not surprisingly, China dominated on all counts in the Asia-Pacific region.
But the United States still led overall. It was tops globally for the origination of Web-based attacks in 2008, taking 38% of the total. The United States also was the country most frequently targeted by denial-of-service attacks, accounting for 51% worldwide. As the top country for credit cards advertised on underground economy servers, the United States accounted for 67% of the total activity.
Altogether, the United States was "the top country of attack origin in 2008, accounting for 25% of worldwide activity," says the Symantec Internet Security Threat Report published Tuesday.
The good news for the United States is that only 43% of phishing sites identified by Symantec were located in the United States, down from 69% reported in 2007.
The 2008 threat report also found the sheer number of vulnerabilities in software and hardware is increasing. Symantec identified 5,491 specific vulnerabilities in 2008, up 19% from the year before.
These vulnerabilities "facilitate theft of confidential information," Turner notes. The top-ranked vulnerability for 2008 was the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.
Of 383 cases of data breaches at organizations identified by PrivacyRights.org last year, more than 83 million identities were exposed, and "29% of all data breaches that exposed identities came from financial services," Turner says.
"2008 was really a continuation of a trend we saw developing the year before," Turner concludes. "It's about fraud, theft and making money, taking personal and financial confidential information."