IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

Symantec's security threat report (and Andy's Zune)

Wow! It's Wednesday's IT Blogwatch: in which we dissect Symantec's latest Internet Security Threat Report. Not to mention how 60 Minutes' Andy Rooney might review the Zune...

Martin McKeay kicks us off:

I just got through reading the latest Internet Security Threat Report (ISTR) from Symantec ... It makes for some interesting reading on the current trends and some educated guesses by the experts with the raw data at their fingertips ... people are still clicking on software they get in emails ... at an astonishing rate, despite all efforts at education ... Malware is being sent through email because it's effective. Much of it's not attacking system vulnerabilities because it doesn't have to; the user is installing it. Until the average end user understands that clicking on an attachment from an unknown sender is a bad idea, we'll continue to see these numbers rise.
...
Most people already know some of what the report's telling us through first-hand experience; we're all seeing more spam in our inbox, we're seeing more stock hype spam and we're seeing our spam filters become less effective. We're hearing about more data breaches on a weekly, sometimes daily basis. We're reading about bot-nets big enough to DDoS major service providers. Symantec is giving us the numbers to measure what we're already experiencing.

Preston Gralla had a different angle:

We're number one! ... Worried that the U.S. is falling behind the rest of the world in technology because our broadband penetration is so poor, and our higher education system so lousy in turning out engineers? Take heart: When it comes to writing malware and viruses, we kick butt, leading the rest of the world by a wide margin.

The latest Internet Security Threat Report released by Symantec says that the highest percentage of malware originates in the U.S., with some 31% coming from U.S. networks. China is a distant second, with 10%, and Germany was third with 7%. We're the world leader in another dubious way as well. The majority of so-called "underground economy servers" run by criminal gangs are hosted in the U.S. as well.
...
It's an inevitable result of a thriving free market and tech expertise. An underground economy often mirrors the legal, above-ground one. Scratch a criminal, and sometimes you find a misguided entrepreneur, looking to get rich a little too quick.

Your humble blogwatcher digs out the data and trends:

Here are some highlights (percentage changes are over a six month period):

  • About half of identity thefts are caused by loss or theft of laptops and other hardware containing personal data
  • Denial of Service attacks are down about 20%
  • Botnet activity is up by about 10% (in terms of number of active zombies)
  • China hosted about one quarter of these zombies -- more than any other single country
  • The U.S. hosted about 40% of the botnet command-and-control nodes
  • New vulnerabilities (e.g. in Windows or Web applications) were up about 10%
  • Operating system vendors are taking "longer" to patch vulnerabilities (no quantitative data disclosed)
  • The Stration family of worms was the most widely-reported
  • Email is still the most-used vector for propagating viruses and other malware -- at about 75%
  • Phishing is up 5% in terms of numbers of campaigns, and about 20% in terms of volume
  • Phishing attacks are more likely to be sent on a weekday than at the weekend
  • Stock kiting and other financial services spam represented about a third of all spam

Symantec's Marc Fossi delves deeper:

Six months ago, in the previous volume of Symantec's Internet Security Threat Report, I wrote that we were seeing a shift away from “noisy” worms towards targeted Trojans that attract less attention. In the second half of 2006, this trend remained true, as the volume of Trojans reported by Symantec customers increased and the volume of worms decreased. At the same time, a lot of these Trojans are becoming more sophisticated.

In the latest edition of the Internet Security Threat Report, we note that multi-stage downloaders, also referred to as modular Trojans, are becoming more prevalent most likely because of their versatility. The first stage of these downloaders is usually a small Trojan that disables your security and antivirus applications then downloads a more complex threat. Since the initial stage disables security applications, the second stage can be almost anything the attacker chooses, including older threats that would otherwise have been detected by antivirus.

Frequently, the second stage will be a threat that allows some sort of remote access or can accept commands from the attacker. This way, once the attacker has a foothold into your computer with the first stage, they can take full control with the second stage. Once they have control, they can do almost anything they want with your computer like downloading other threats, stealing personal information, or logging keystrokes.

Mark Dixon identifies another worrying aspect: [Oh good grief -Ed.]

You can buy a complete, albeit spurious, identity for a mere $14 [according to] Symantec ... Just think - a sinister economy based on phishing for and selling stolen Identities. But instead of secretive, smoke-filled, poorly lit rooms in some back-alley dive, this economy is purring along in modern data centers, right under our collective noses. Sounds downright scary if you stop to think about it.

Jacqui Cheng adds:

In the most recent report, however, the company tracked for the first time the trade of personal data through the use of underground economy servers ... defined by Symantec as places where "criminals and criminal organizations sell stolen information, typically for subsequent use in identity theft." This includes everything from credit and debit card numbers, PIN numbers, user accounts and passwords, government-issued ID numbers, and other personal information. 51 percent of those servers were found in the US ... 86 percent of the credit card information sold underground was from US banks ... with cards from the UK coming in second at 7 percent, and Canada at one percent
...
That's right: a criminal can buy your personal credit or debit card number, complete with PIN, for less than the price of a Happy Meal at McDonald's.

Kadin2048 needs to get out more:

Sometime when you're looking for an evening's entertainment ... fire up a VMWare VM and ... browse around. For fastest results, be sure to hit up some of the seedier side of the internet -- a quick Google for "serial numbers" will get you malware-ridden sites within the first few results. Then, just hit yourself on the head or otherwise simulate a stupid/ignorant user, and click "OK" to anything the computer prompts at you for a few minutes. In short order, you will probably have so much adware, malware, Trojans, and keyloggers on the VM, it's nearly impossible to ever clean it out.

Tablizer blames, "Offshoring and the downturn":

During the depths of the IT recession, there were rumbles of out-of-work programmers talking about joining the "dark side" out of frustration. Perhaps many did.

And finally... Andy Rooney's Zune

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20-year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.