Symantec: Viruses Aimed at Windows Grow in Number

Internet-based hacker attacks are being developed more quickly, becoming more sophisticated and are increasingly focusing on two high-profile targets — e-commerce and Microsoft’s Windows operating system — according to a report from leading antivirus firm Symantec.

In its “Internet Security Threat Report” for the first six months of 2004, Symantec said attacks against e-commerce targets were up 400 percent from the second half of 2003 and made up 16 percent of all attacks.

The company said the shift toward e-commerce attacks might have resulted from an increasing desire among those writing and deploying attacks to score economic paydays rather than notoriety, which was once considered the most powerful motivator for many hackers.

Meanwhile, viruses and worms that attack the Windows platform also grew sharply. Symantec found 4,496 new instances of malicious code aimed at the Microsoft operating system, up some 450 percent over the previous six months.

“Exploits are being created more easily and faster than ever, while attackers are launching more sophisticated attacks for financial gain,” said Arthur Wong, Symantec’s vice president of security response and managed security services. “Software vulnerabilities and targeted attacks remain a primary area of concern for organizations and individuals.”

Faster Exploits

Wong said one of the most important findings of the report might be how quickly exploits are being developed for known vulnerabilities, with the average vulnerability-to-exploit window shrinking to less than six days.

This means that when patches are made available, companies and individual users might have less than a week to deploy those patches before attacks begin. However, given the sheer volume of patches being released, patching systems that rapidly often is not realistic in many business settings.

Adding to the problem is a sharp rise in so-called “bot networks” of corrupted machines that are used by hackers to launch attacks. Symantec said that during the six month period starting in January, the average number of bots it monitored rose from under 2,000 to more than 30,000 per day and hit a peak of 75,000.

Symantec also reported that more vulnerabilities are appearing that are easy to exploit, with 70 percent of the 1,237 known flaws, or about 48 per week, falling into that category.

Phishing Attacks on the Rise

In noting the rise in phishing and other attacks targeting consumers who share their financial information online, the Symantec report echoed earlier warnings. The Anti-Phishing Working Group reported earlier this year that complaints of known phishing attacks had risen some 4,000 percent from November of 2003 to April of this year.

Gartner analyst Avivah Litan said that such attacks are becoming increasingly sophisticated and have tricked even experienced Web users into revealing their personal data.

“Online fraud poses huge challenges to online business,” Litan said. “Online fraud can severely damage customers’ confidence in Internet transactions, a confidence that businesses have often taken years to build.”

Litan warned that even if consumers learn to avoid falling victim to phishing attacks, next-generation techniques such as keystroke logging programs are also becoming more common. “The industry is realizing it’s not just a problem for consumers,” she added.

Aim Here

That Microsoft would continue to be the most favored target of hackers is no surprise to most security experts. Ken Dunham, director of malicious code at iDefense, said Microsoft has always been the most logical target for developing attack code, because the sheer size of its market reach gives such attacks the best chance of working.

And the fact that Microsoft has vowed to make software security a central focus might only heighten the desire of attackers to bring Windows down, Dunham told the E-Commerce Times.

“Bragging rights is still a big motivator in the hacking community,” said Dunham. “The goal is to bring down big giants and there’s none bigger than Microsoft.”

The Windows trend certainly hasn’t slowed over the summer either. In fact, the latest Microsoft-related warning from the Internet Storm Center also highlights the increased speed of developing exploits for known vulnerabilities.

The latest warning deals with a flaw that enables JPEG images to be rigged with code that could allow an attacker to gain control of a computer. Microsoft published a warning of the flaw and within days two potential exploits were known to be making the rounds online, according to the Internet Storm Center.