Contaminants market is worth billions and specializing further, says report
In its report on threats in the first two quarters of 2007, security specialist Symantec concludes that the market for malware is becoming both more professional and more commercial. In addition, attacks on both companies and private users are increasingly more regionally focused.
According to the report, malware authors have created a market now worth billions. As a result, the development of contaminants is now professional. Attack tool kits such as MPack that are based upon high quality code are becoming more common, demonstrating the trend towards professionalism. Symantec finds that the greater commercial focus is reflected by the increasing use of phishing toolkits, which automatically combine the creation of phishing websites and e-mails. More than 40 percent of the phishing attacks in the first two quarters were products of the three most commonly used phishing toolkits. In addition, the number of underground servers that sell stolen credit card information, for instance, has reportedly increased. Symantec says that 64 percent of these servers are found in the US, 12 percent in Germany, and 9 percent in Sweden. So it seems that, despite its new laws, Germany has become a greater source of threats since Symantec's 11th Threat Report.
Symantec believes that multistage attacks are becoming more common. For instance, a Trojan can install additional dangerous components from the Internet rather than entering systems as a complete "product". In the first two quarters, more than half of the 50 most common contaminants were such multistage downloaders. Contaminants spread by MPack belong in this category. Another trend is the exploitation of Web 2.0 applications. Social networks such as MySpace are particularly vulnerable because they intrinsically invite user trust.
In its Threat Report, Symantec also provides some other interesting figures. For instance, some 43 percent of all Command&Control servers for bot networks are in the US. And 29 percent of all computers infected with bots are found in China. Surprisingly, the average number of computers infected with active bots dropped over the last two quarters of the previous year by 17 percent. However, this year computers remained infected with a bot for an average of four days, compared to only three days last year. In the first two quarters of 2007, Symantec discovered more than 212,000 new contaminants, an increase of 185 percent. 46 percent of the contaminants were distributed via e-mail, the most commonly used means of dissemination. The report does not, however, say how many infections are actually due to infected e-mails, but Symantec does assert that the future direction is web-based threats from Web 2.0 applications.
The trends listed in Symantec's analysis are hardly surprising; after all, they are basically just the expected continuation of the status quo. In the previous Threat Report, the main trend was that all threats were becoming more common. This trend seems to have persisted in the first two quarters of 2007 and can be expected to continue into the next two.