Symantec: Data thieves thrive on zero-day flaws

According to Symantec's threat report for the second half of 2006, attackers exploited misplaced USB drives and zero-day flaws to steal vast amounts of data. Expect more of the same in 2007.

Business was good for data thieves in the second half of 2006, as they aimed their botnets and Trojan horse programs at an increasing array of zero-day flaws and took full advantage of misplaced or stolen USB flash drives. IT administrators should shield their networks from those attacks and brace for fresh phishing scams and other exploits against Windows Vista, mobile devices and virtual environments.

That's the takeaway from Symantec Corp.'s threat report for the period, released on Monday. It covers the threat landscape over the six-month period between July 1 and Dec. 31, 2006 and is similar in many respects to the vendor's threat report for the first half of 2006.

Vincent Weafer, senior director of Symantec Security Response, in Cupertino, Calif., said attackers used 2006 to continue building themselves a foundation for crime.

"Attackers are focused on data leakage and malcode that targets specific organizations and it's all about how to get your data and your assets for financial gain," he said. "The data leakage problem is about the home user as well as the enterprise. Enterprises have a responsibility to protect data, and there's a wider area to worry about as they use more VoIP and smart phones. They need to know what information is going out [via that technology]."

Among the highlights of the latest report:

  • Symantec reported more than 6 million distinct bot-infected computers worldwide during the second half of 2006, a 29% increase from the previous period. The number of command-and-control servers used to relay commands to these bots actually decreased by 25%, though Weafer attributes that to botnet owners consolidating their networks and increasing the size of their existing networks.
  • Trojans accounted for 45% of the top 50 malware samples, a 23% increase over the first six months of the year.
  • Twelve zero-day vulnerabilities were counted during the second half of 2006, marking a significant increase from the one zero-day flaw documented in the first half of the year.
  • Digital miscreants are using underground economy servers to sell stolen information, including government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts, and email address lists.
  • Theft or loss of a computer or data storage medium, such as a USB thumb drive, made up 54% of all identity theft-related data breaches.
  • Countries with the highest amount of malicious activity originating from their networks were the U.S. at 31%; China at 10% and Germany at 7%.

Attackers are focused on data leakage and malcode that targets specific organizations and it's all about how to get your data and your assets for financial gain.
Vincent Weafer
Senior DirectorSymantec Security Response
Weafer said botnets and other malware are also increasingly used for extortion and intimidation. "The bad guys are saying 'pay me money or I'll give you a denial of service,'" he said.

Going forward, Symantec warned IT security professionals to prepare for:

  • Threats against Windows Vista, with a focus on vulnerabilities, malicious code and attacks against the Teredo platform. Attackers will also target third-party applications that run on Vista.
  • New phishing economies, with phishers expected to expand their targets to include new industry sectors like online gaming. The bad guys will also develop and implement new techniques to sneak past anti-phishing solutions such as block lists.
  • An increase in spam and phishing attacks against mobile platforms.
  • New attacks against virtual environments as a way to compromise host systems.

Read more on IT risk management