MANILA, APRIL 29, 2008 (STAR) The latest Internet Security Threat Report (ISTR) released by Symantec Corp. reveals that Manila is the city in the Asia-Pacific and Japan (APJ) region with the sixth highest number of bot-infected computers.

Bots are programs that perform repetitive functions such as posting a message to multiple newsgroups or searching for information.

The ISTR Volume XIII covers findings in the six-month period from July 1 to Dec. 31, 2007. Manila’s ranking is a giant leap from the 83rd ranking in the previous reporting period from Jan. 1 to June 30, 2007.

Richard Velasco, Symantec’s senior technical consultant for the Philippines, said, “Bot-infected computers are a real concern for online users because their personal information can be easily leaked out, and compromised computers can be used as a launch base for other attacks.”

Symantec’s ISTR is one of the most reputed and referenced sources of Internet security threat data for governments, the industry and organizations from around the world.

The ISTR leverages data collected from Symantec’s Global Intelligence Network, which tracks attack activity across the entire Internet with 40,000 sensors monitoring network activity in more than 180 countries.

In the Philippines, Symantec has shared the ISTR XIII with the National Bureau of Investigation (NBI) and the Philippine National Police (PNP).

Commenting on the report, Superintendent Gilbert Sosa, chief of the anti-transnational crime division of the Criminal Investigation and Detection Group, said, “Today’s consumers and businesses should be more vigilant and informed on trends and threats on the Internet to keep safe online and secure their data. Information that private sector companies like Symantec provide is crucial in fighting nefarious activities of cyber criminals.”

For his part, Vicente de Guzman III, chief of the NBI’s anti-fraud and computer crime division, said, “Symantec’s ISTR XIII is a useful resource for the NBI in its fight against cyber crimes. Through the in-depth analysis of Internet security trends and data for the Philippines and APJ, the NBI can galvanize the public, lawmakers and private sector on the urgency of fighting cyber crimes such as identify theft and information hijacking.”

De Guzman added: “Through the release of the ISTR, Symantec becomes an able partner of the government in fighting cyber crimes without us straining precious resources to monitor and identify the Internet security threat trends.”

Attacks vs trusted websites

On the global front, ISTR XIII found that trusted websites have been used as the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting these websites every day.

The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications, and provides a global view of the state of Internet security.

In the past, users had to visit intentionally malicious sites or click on malicious e-mail attachments to become a victim of a security threat.

Today, hackers are compromising legitimate websites and using them as a distribution medium to attack home and enterprise computers.

Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end-users, such as social networking sites.

“Avoiding the dark alleys of the Internet was sufficient advice in years past,” said Vic Ciencia, Symantec’s systems engineering manager for the Philippines.

“Today’s criminal is focused on compromising legitimate websites to launch attacks on end-users, which underscores the importance of maintaining a strong security posture no matter where you go and what you do on the Internet,” Ciencia added.

Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks.

In the last six months of 2007, there were 11,253 site-specific, cross-site scripting vulnerabilities reported on the Internet. These represent vulnerabilities in individual websites.

However, only 473 (about four percent) of them had been patched by the administrator of the affected website during the period, representing an enormous window of opportunity for hackers looking to launch attacks.

Phishing — a fraudulent attempt, usually through e-mail, to steal personal information — also continues to be a problem. In the last six months of 2007, Symantec observed 87,963 phishing hosts — computers that can host one or more phishing websites.

This is an increase of 167 percent from the first half of 2007. Eighty percent of brands targeted by phishing attacks during the study period were in the financial sector.

The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information.

In the last six months of 2007, 68 percent of the most prevalent malicious threats reported to Symantec attempt to compromise confidential information.

Additional key findings

In 2007, Symantec detected 711,912 new threats compared to 125,243 in 2006 — an increase of 468 percent.

This brings the total number of malicious code threats detected by Symantec to 1,122,311 as of the end of 2007.

Symantec measured the release of both legitimate and malicious software during a portion of the reporting period and found that 65 percent of the 54,609 unique applications released to the public were categorized as malicious.

This is the first time Symantec observed malicious software outpacing legitimate applications.

The government was the top industry sector for identities exposed, accounting for 60 percent of the total, an increase from 12 percent in the previous reporting period.

A full identity can be purchased in the underground economy for as little as $1.

Chief News Editor: Sol Jose Vanzi

All rights reserved