Symantec report: E-comm attacks on rise

Symantec last week issued its biannual Internet threat report, which notes, among other trends, that e-commerce sites were the most targeted by hackers in the first six months of this year.

Symantec's report indicates that attacks on e-commerce firms grew to represent 16% of all attacks, up from 4% in the previous six-month period. Alfred Huger, senior director of engineering for the Symantec Security Response division, surmises e-commerce sites might be among the easiest places to steal credit card data. Symantec's previous six-month report cited banks and brokerages were the most-targeted industry.

"The e-commerce sites seems to be a place where attackers go after credit cards and goods for the cash," Huger says.

In addition, the Symantec report, which analyzed data for the period from January through June, points out that the number of computers infected by bots, short for robot code that an attacker installs on a computer to remotely scan systems and collect data, increased from less than 2,000 in the last six months of last year to more than 30,000 for the first six months of this year.

One particular bot, the remote-access Trojan called Gaobot, was predominant. "It's become the de facto bot on the Internet for back doors," Huger says."The person who controls it can launch a denial-of-service attack or basically anything they want." Huger added that there's evidence the Gaobot source code is being sold for about $500 for criminal use.

Symantec also documented 4,496 new Windows-based viruses and worms for the first half of this year, four-and-a-half times the number in the same period last year. The Slammer worm, first reported in January 2003, ranked as the most prevalent type of attack, while Gaobot was second.

Overall, organizations received an average of 11 attacks per day, a 15% decrease from the previous six-month period and a 27% drop as recorded in the first six months of 2003.

Worms and bots often infiltrate host computers by exploiting vulnerabilities. For the first half of this year, the number of disclosed software vulnerabilities grew 5% over the previous six months to 1,237. In addition, attackers are exploiting known vulnerabilities far more quickly than they have in the past, with the average time between the vulnerability's announcement and the attack on Web-based applications shrinking from 99 days a year ago to 5.8 days today.

Symantec collects its report data from more than 20,000 sensors maintained by cooperating organizations in 180 countries.

Read more about software in Network World's Software section.