Hackers hit websites, make security compromises

Legitimate websites hosting malicious code

Hackers are increasingly taking advantage of weaknesses in web applications and plug-ins to turn legitimate websites into a source of malicious code, according to a report issued by Symantec.

The latest Symantec Internet Security Threat Report has found that Web-based threats, such as botnets, have become widespread and more sophisticated.

The security firm logged over 1.6 million new threats in 2008 which nearly account for 60% of all signatures that it has created to date.

"As malicious code continues to grow at a record pace we're also seeing that attackers have shifted away from mass distribution of a few threats to micro-distribution of millions of distinct threats," said Stephen Trilling, vice president at Symantec Security Technology and Response.

Legitimate websites can sometimes host malicious code, Symantec warned. "In the case of a popular, trusted site with high traffic, this can yield thousands of compromises from a single attack," said the Symantec report. Websites operated by the United Nations and the British government were used last year to deliver malicious material to visitors without their knowledge, the report said.

In its EMEA report, which highlights findings from Europe, the Middle East and Africa, Symantec said it had observed an average of 32,188 active bots per day in the EMEA region in 2008, a 47% increase from 2007, when 21,864 active bots were detected.

For the second year running, the UK had the second highest level of malicious online activity in the Europe, with 11% of the region's total. Germany topped the league with 14%.

But the UK was the top ranked country for back doors and Trojans in EMEA in 2008, while Trojans were the most common type of malicious code identified in EMEA in 2008, accounting for 66% of the top 50 potential infections in the region — a minor increase from 64% in 2007.

What's more, plans to improve broadband in the UK by rolling out fibre to the home could also boost malicious activity, Symantec warned. BT is in the midst of trials to deploy fibre across the UK, which will provide higher bandwidth capacities than traditional DSL or cable lines.

Symantec said these trials could make the UK a target for bot activity, as botnet operators are likely to target the connections that offer the greatest bandwidth capacity for carrying out attacks.

"With the push towards greater internet bandwidth and 'fibre to the home' for 2012 the cybercriminal is also looking to upgrade," Guy Bunker, chief scientist for Symantec told Computerworld UK.

Bunker advised users that increase their internet bandwidth to also improve security. "If a cybercriminal can turn your computer into a bot, then he will use your newly found bandwidth to churn out millions of spam messages a day and you could well end up paying for the bandwidth they use and ultimately miss out on all the great HD programming out there," he said.

Another key trend was that organised criminal groups are targeting individuals for financial gain "more than ever before". Ninety percent of attacks were designed to steal personal information such as names, addresses and credit card details.

Criminals around the world are finding profit in phishing scams and botnets, which surreptitiously take over PCs and steal credit card numbers or other personal information that can be used for financial gain. Bots are also inexpensive to run. Symantec observed advertisements for bot-infected computers in the underground economy for as little as two pence per bot.

The report also said credit-card details sell for as little as 40p, although some could fetch £20. Bank account details sold for as much as £675, while full identities could be bought for between 50p and £40.

The global report found 78% of confidential information threats exposed user data during 2008, and 76% used a keystroke logging component to steal information such as online banking account information.

"Sixty per cent of all the (malicious code) threats in the past 20 years came in the last 12 months alone," said Vincent Weafer, Symantec's vice president of security content and intelligence.

Join the newsletter!

Error: Please check your email address.

Tags symantecSecurity ID

Show Comments
[]