Symantec Internet Security Threat Report Finds Malicious Activity Continues to Grow at a Record Pace

Malaysia’s Ranking in Asia Pacific and Japan Dropped for Bot-infected Computers, Hosting Phishing Websites and Spam Origin

KUALA LUMPUR, Malaysia – April 28, 2009 – Symantec Corp. (Nasdaq; SYMC) today announced thatmalicious code activity continued to grow at a record pace throughout 2008, primarily targeting confidentialinformation of computer users. According to the company’s Internet Security Threat Report Volume XIV(ISTR XIV), Symantec created more than 1.6 million new malicious code signatures in 2008. This equates tomore than 60 percent of the total malicious code signatures ever created by Symantec -- a response to the rapidlyincreasing volume and proliferation of new malicious code threats. These signatures helped Symantec block anaverage of more than 245 million attempted malicious code attacks across the globe each month during 2008.

The Internet Security Threat Report is derived from data collected by millions of Internet sensors, first-handresearch, and active monitoring of hacker communications, and provides a global view of the state of Internetsecurity. The study period for the ISTR XIV covers January 2008 to December 2008.

Drop in regional country ranking for Malaysia
Findings for Malaysia reveal a drop in Asia Pacific and Japan (APJ) country ranking for bot-infected computers,hosting phishing websites and spam origin. In 2008, Malaysia registered the ninth highest bot-infectedcomputers in APJ, down from the sixth ranking in 2007. Short for “robots”, bots are covertly installed on acomputer to allow hackers to remotely control the machine for a wide variety of malicious purposes such asinformation and identity theft.

For top countries hosting phishing websites, Malaysia’s ranking dropped from eighth in 2007 to ninth in 2008for the APJ region. And for spam origin, Malaysia’s ranking dropped from sixth in 2007 to ninth in 2008.

“While the ISTR XIV findings show that Malaysia has dropped in terms of country ranking in APJ for botinfectedcomputers, hosting phishing websites and spam origin, the volume of these activities continue to growat a rapid pace globally. Therefore, businesses and consumers should continue to stay vigilant and make suretheir information and interactions are well protected against online threats,” said Symantec’s Ong Kah Wooi,Technical Consultant Manager, Pre-Sales, Malaysia.

“As broadband usage in Malaysia continues to expand, users will be exposed to the risks of attacks, especiallywith the increasing prevalence of Web-based attacks.”

Web-based attacks evolve, underground economy thrives
Symantec’s ISTR XIV report noted that Web surfing remained the primary source of new infections in 2008,and that attackers are relying more and more on customized malicious code toolkits to develop and distributetheir threats. Furthermore, 90 percent of all threats detected by Symantec during the study period attempt tosteal confidential information. Threats with a keystroke-logging capability—which can be used to stealinformation such as online bank account credentials—made up 76 percent of threats to confidential information,up from 72 percent in 2007. Malaysia is also registering a similar trend, being the seventh top country hostingWeb-based attacks in APJ.

Leveraging data from its recent Report on the Underground Economy, Symantec found that there continues tobe a well-organized underground economy specializing in the sale of stolen confidential data, particularly creditcard and bank account credentials. This underground economy is thriving; whereas prices for goods in thelegitimate market have fallen, prices for goods in the underground economy have remained consistent from2007 through 2008. The report also points to the increased resilience of malware authors against attempts tohalt their activities. As an example, the shutdown of two U.S.-based botnet hosting outfits contributed to asignificant decrease in active botnet activity during September and November 2008; however, botnet operatorsfound alternate hosting Web sites and botnet infections quickly rose to their pre-shutdown levels.

“As malicious code continues to grow at a record pace we’re also seeing that attackers have shifted from massdistribution of a few threats to micro-distribution of millions of distinct threats,” said Symantec’s KannanVelayutham, Enterprise Security Consultant, Malaysia. “Cybercriminals are profiting from creating anddistributing customized threats that steal confidential information, particularly bank account credentials andcredit card data. While the above ground economy suffers, the underground economy has remained consistentlysteady.”

Web application platforms were common sources of vulnerabilities during the evaluation period. These pre-builtsoftware products are designed to simplify the deployment of new Web sites and are in widespread use aroundthe Internet. Many of these platforms were not designed with security in mind and consequently harbornumerous flaws leaving them potentially vulnerable to attack.

Of all the vulnerabilities identified in 2008, 63 percent affected Web applications, up from 59 percent in 2007.Of the 12,885 site-specific cross-site scripting vulnerabilities reported in 2008 only 3 percent (394) had beenfixed at the time the report was written. The report also found that Web-based attacks originated from countriesaround the globe, with the most originating from the United States (38 percent), followed by China (13 percent)and the Ukraine (12 percent). Six of the top 10 countries where Web-based attacks were prominent were fromthe Europe and Middle East Africa (EMEA) region – these countries accounted for 45 percent of the worldwidetotal, more than any other region.

“The unfortunate reality is that innocent Web surfers can visit a compromised website and unknowingly placetheir personal and financial information at risk,” added Kannan. “Computer users have to be extra vigilant abouttheir security practices.”

The report found that phishing continued to grow. In 2008, Symantec detected 55,389 phishing website hosts, anincrease of 66 percent over 2007, when Symantec detected 33,428 phishing hosts. Financial services accountedfor 76 percent of phishing lures in 2008 compared to 52 percent in 2007.

Finally, the report found that the volume of spam continued to grow. Over the past year, Symantec observed a192 percent increase in spam detected across the Internet as a whole, from 119.6 billion messages in 2007 to349.6 billion in 2008. In 2008, bot networks were responsible for the distribution of approximately 90 percent ofall spam e-mail.

ADDITIONAL FINDINGS
· By the end of 2008, there were more than 1 million individual computers infected by the worm Downadup(also known as Conficker); this worm was able to spread rapidly across the Internet due to a number ofadvanced propagation mechanisms. The number of Downadup/Conficker infections worldwide grew tomore than 3 million infected systems during the first quarter of 2009.
· In 2008, Symantec observed an average of more than 75,000 active bot-infected computers each day, a 31percent increase from 2007 worldwide.
· Credit card information (32%) and bank account credentials (19%) continue to be the most frequentlyadvertised items. The price range for credit card information remained consistent in 2008, ranging from$0.06 to $30 per card number.