Report: Four Percent of E-Crime From Fortune 100

Roughly four percent of all spam, malicious software attacks, phishing Web sites and other cyber crime activities detected in the first half of 2007 emanated from the networks controlled by the world's 100 highest-grossing companies, according to a new report from anti-virus company Symantec.

The finding, from Symantec's semi-annual Internet Security Threat Report, is significant because it indicates how much Fortune 100 organizations have been compromised and are being used by attackers as launching pads for malicious activity, the report notes.

The report jibes with data published by Security Fix in March, which found evidence of phishing Web sites, spam and malware coming from major corporations, including Best Buy, ExxonMobil, HP, and Oracle, among others.'s Ryan Singel recently documented similar findings.

Symantec cautions, however, that this statistic is actually lower than one might expect, given that Fortune 100 companies collectively control more than seven percent of the world's Internet address space (known as "IP addresses"), and that much of that space is presently unused.

"Since the proportion of malicious activity originating from Fortune 100 IP space is lower than the proportion of the world's active and advertised IP space that is assigned to these organizations, less attack activity is originating from Fortune 100 companies than other IP spaces."

Symantec also found that the average number of bot-infected PCs -- machines seeded with software that allows attackers to remotely control them for criminal purposes -- actually decreased by 17 percent in the first six months of 2007.

This would be notable and welcome news were it not somewhat misleading. The problem is that Symantec admittedly does not have any reliable way to measure the number of bots under the thumb of the criminals who control the Storm worm, a contagion that has infected between one and 10 million PCs worldwide (depending upon which experts you ask).

That's because Storm-infected machines receive updates and instructions via a peer-to-peer system, a decentralized network that actually uses the very same communications protocol as the eDonkey network, which is currently used to trade audio and video files, as well as computer software.

Criminals who run bot networks -- more commonly called "botnets" -- typically control them by having each infected machine report to an Internet-based server to receive instructions and updates. Oftentimes, it is possible for security researchers to connect to these so-called "command and control servers" (C&C) and count the number of infected machines that are reporting for duty, or disable the server altogether.

As a result, botnets controlled by traditional C&C servers are vulnerable to compromise or shutdown because they rely on a single point of failure: take out the C&C and you can often effectively hobble the botnet. But because it is using a peer-to-peer network, the Storm worm is proving next to impossible to shut down. The P2P aspect also makes it much more difficult to gauge its size.

Symantec's report does note that the Trojan horse program used to install the Storm worm on victim PCs -- which it calls the "Peacom Trojan" -- was in fact the most widely reported family of malicious software spotted in the first half of this year.

Other interesting data from the report:

"Threats with keystroke-logging capacity made up 88 percent of confidential information threats during this period, as did threats with remote access capability, such as back doors. This is an increase from 76 percent and 87 percent respectively over the previous period."

Symantec also broke down the number of security holes found in the most popular Web browsers, including 39 vulnerabilities in Microsoft Internet Explorer, 34 in Mozilla browsers such as Firefox, 25 in Apple Safari, and seven in Opera. In the second half of 2006, 54 vulnerabilities were disclosed for Internet Explorer, 40 for Mozilla browsers, four for Apple Safari and four for Opera.

Among the browser stats, I found this one to be most compelling: Symantec documented 237 vulnerabilities in Web browser plug-ins. Nearly 90 percent of those were related to ActiveX components in IE that were found to introduce security holes that could let malicious Web sites compromise Windows PCs.

By Brian Krebs  |  September 17, 2007; 3:27 PM ET
Categories:  Fraud , From the Bunker  

© 2010 The Washington Post Company