Virus writers follow the money

More than half of recent major Net threats try to glean identity theft data, according to a new Symantec study.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
2 min read
More than half of recent major Internet threats tried to harvest personal information, a sign that financial gain is behind the attacks, according to a Symantec study.

Identity theft features were found in 54 percent of the top 50 malicious codes detected between July and December last year, the security company said in a report released on Monday. That marks an increase on the 36 percent found during the same period in 2003.

"This represents a clear trend that attackers have gone from seeking fame to seeking fortune," said Oliver Friedrichs, a senior manager with Symantec Security Response.

Computers are increasingly coming under attack from Trojan horses, worms and viruses that attempt to glean users' cached log-on data and passwords to financial information. This trend is not likely to slow down soon, Friedrichs noted.

The study also detected a rise in phishing attempts, which are used by financially motivated attackers. Phishing scams, which rely on social engineering to dupe people into providing sensitive financial and confidential information, use fake e-mails and Web sites that look legitimate.

Symantec said that by the end of December, it was blocking an average of more than 33 million phishing attempts a week--up from an average of 9 million a week in mid-July.

Regulatory intervention and technological means of checking the legitimacy of e-mails have been suggested as methods of reducing identity threat attacks. But regulations are somewhat limited, because the individuals behind the scams are already breaking the law and show an apparent disregard for rules and regulations, Friedrichs said.

He added that technology, in its current form, is also hard-pressed to combat phishing e-mails and identity threat attacks.

"Most of the technology today is in its infancy," Friedrichs said. "There are a number of efforts underway to create standards to validate these e-mails, but right now there is no clear standard that has been incorporated into technology."

The study also found an increase in the number of flaws in Web applications, which could let attackers get past traditional protections such as firewalls. Vulnerabilities in Web applications accounted for 48 percent of the total number of flaws detected between July and December, up from 39 percent during the first six months of the year.

"Attacks are increasingly focusing on the Web server, which is one of the few things exposed externally," Friedrichs said, referring to the server's placement outside the network wall.