Network managers take note: Malicious code activity is on the up and hackers are targeting users’ confidential security-key information. Security firm Symantec, in its Internet Security Threat Report released this month, said the malicious code signatures it developed in 2008 represented more than 60% of all malicious code signatures ever created by Symantec.

The report found that 90% of all threats detected by Symantec in 2008 attempted to steal confidential information, and keystroke logging was the main method employed by hackers. Keystroke loggers, which log all keyboard activity, can steal information such as online bank account credentials and credit card numbers. These details are sold by criminals to organized gangs in a market that has not suffered in the economic downturn.

Symantec also found that malware authors are becoming more resilient and finding new ways to relaunch their activities after suffering temporary shutdowns. The report gives an example of the shuttering of two U.S.-based botnet housing outfits that contributed to a significant decrease in active botnet activity during September and November. But they re-emerged on alternate hosting Web sites and soon began infecting victims to a level higher than their pre-shutdown levels.

Web applications were the common sources of vulnerabilities, the report notes. Of the 12,885 site-specific cross-site scripting vulnerabilities reported in 2008, only 3% had been fixed at the time the report was written, according to Symantec. Cross-site scripting allows hackers to inject their code into legitimate Web pages.

Most Web-based attacks originated from the U.S. during 2008, followed by China and the Ukraine. Europe, the Middle East and Africa accounted for 45% of the world’s Web-based attacks.

The report also found that by the end of last year more than one million individual computers had been infected by the Conficker worm, which continues to be active and which you can catch with Flow Analytics.

If you want to read more from the security report, Symantec has a Web page dedicated to it.



Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers. He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is set up to their needs. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and malware detection, he also enjoys fishing and hiking.

