Slashdot Mirror


Malicious Activity Grew At a Record Pace In 2008

An anonymous reader writes "Symantec announced that malicious code activity continued to grow at a record pace throughout 2008, primarily targeting confidential information of computer users. According to the company's Internet Security Threat Report Volume XIV (PDF), Symantec created more than 1.6 million new malicious code signatures in 2008. This equates to more than 60 percent of the total malicious code signatures ever created by Symantec — a response to the rapidly increasing volume and proliferation of new malicious code threats. These signatures helped Symantec block an average of more than 245 million attempted malicious code attacks across the globe each month during 2008." Another anonymous reader notes a related report from Verizon (PDF), which says 285 million records were compromised in 2008, more than the total of the previous four years combined.

56 comments

  1. A Full Day of Helpful News Reports! by eldavojohn · · Score: 5, Insightful

    Wow! First McAfee found out through objective research that spam ruins the environment and now Symantec has an unbiased report showing malicious activity is on the rise!

    I can not wait for Richard Stallman's report on commercial closed source software costing a record high price in 2008. I mean assuming he comes to that conclusion, of course.

    I would just like to point out that the URL for that PDF report indicates it is stored in a directory named 'mktginfo.' I wonder what that stands for ... "Mortal Kombat: The Game Info" perhaps?

    --
    My work here is dung.
    1. Re:A Full Day of Helpful News Reports! by A.+B3ttik · · Score: 4, Funny

      I would just like to point out that the URL for that PDF report indicates it is stored in a directory named 'mktginfo.' I wonder what that stands for ... "Mortal Kombat: The Game Info" perhaps?

      If you search the folder, there's another file, 'info.txt' with one line:

      UP DOWN UP DOWN A B A B A B A B A B START SELECT

    2. Re:A Full Day of Helpful News Reports! by Red+Flayer · · Score: 1

      Not for nothing... but just because something is published as part of a marketing campaign doesn't mean it isn't significant, or a worthwhile topic for discussion.

      It DOES mean we should take the figures with a grain of salt.

      I'm not really sure what you're adding to the discussion, we are all already aware that security vendors pump risk and impact estimates all the time.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    3. Re:A Full Day of Helpful News Reports! by Nerdfest · · Score: 1

      See, this is why URL shortening is a bad idea. Well, that, and I've heard that it's fattening.

    4. Re:A Full Day of Helpful News Reports! by emocomputerjock · · Score: 1

      Start select? That's why I couldn't get that damned code to work, thanks!

    5. Re:A Full Day of Helpful News Reports! by Scott+Scott · · Score: 2, Insightful

      I don't trust ANYTHING that blacklists my security toolkits and looks at me like I owe it something.

      Is malicious code on the rise? Probably. So is the population of computer users. Is Symantec padding its "findings" by including anything it can get away with? Oh very yes.

    6. Re:A Full Day of Helpful News Reports! by DomNF15 · · Score: 1

      This info should do wonders for...their stock price

    7. Re:A Full Day of Helpful News Reports! by Anonymous Coward · · Score: 0

      You actually wanted to hit select and then start, and only if you wanted a two player game. Hitting select after start didn't do anything.

    8. Re:A Full Day of Helpful News Reports! by hesaigo999ca · · Score: 1

      COME OVER HERE!!....~enter your finishing move here~

    9. Re:A Full Day of Helpful News Reports! by Chris+Mattern · · Score: 1

      You, sir, have not spent enough time impaling game sprites with a harpoon. It's GET OVER HERE!

    10. Re:A Full Day of Helpful News Reports! by nixdroid · · Score: 1

      Nah, they don't need marketing hype, they have this marketing agreement with Microsoft...

      --
      -- Consensus - 50% probability that the majority are wrong.
    11. Re:A Full Day of Helpful News Reports! by bcrowell · · Score: 1

      I can not wait for Richard Stallman's report on commercial closed source software costing a record high price in 2008. I mean assuming he comes to that conclusion, of course.

      The difference is that I can see why the RMS version would make it through the firehose, because slashdot users tend to be fans of free software. What I can't understand is why a slashvertizement for Symantec made it through. I wonder if companies like Symantec are astroturfing via the firehose system, using throwaway or suckpuppet accounts. There's a huge amount of slashvertizing making it through the firehose these days.

    12. Re:A Full Day of Helpful News Reports! by Chabil+Ha' · · Score: 1

      I'm not saying it isn't so, but just because they have a conflict of interest does not mean they are wrong. You are not wrong in being suspect, but don't let skepticism taint and bias your own opinions, either. It would be much more insightful if you were able to provide evidence that flies in the face of these reports.

      --
      We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
    13. Re:A Full Day of Helpful News Reports! by techno-vampire · · Score: 1

      I can not wait for Richard Stallman's report on commercial closed source software costing a record high price in 2008.

      I think he'd be more likely to announce that commercial closed source software was overpriced in 2008.

      --
      Good, inexpensive web hosting
    14. Re:A Full Day of Helpful News Reports! by hesaigo999ca · · Score: 1

      I stand corrected.....I always played Baraka anyways!....something about getting skewered with double blades

  2. Time to buy! by _Sprocket_ · · Score: 4, Funny

    Obviously it's a good time to make that security products purchase you've been putting off. You probably want something effective... say a software suite that's been able to block more than 245 million attempted malicious code attacks across the globe each month.

    Oh. Wait. I see.

    1. Re:Time to buy! by Anonymous Coward · · Score: 0

      I already have it. Debian. No malware to date, unless you count a couple of browser hijacks like being rick rolled. True, Linux isn't perfect, but it's a helluva lot closer than Windoze!!

    2. Re:Time to buy! by ak3ldama · · Score: 1

      Obviously it's a good time to make that security products purchase you've been putting off.

      Yes, in these economic times it is surely acceptable to green flag that project IT has been proposing. Surely it is a sound idea.

      Seriously... this environment where everyone runs Microsoft products is behavior that is incomprehensible. Why would everyone want to place this target on themselves? It is a policy of opting in to these malicious attacks. There is no competitive market place where the proper winner is chosen, but a path everyone keeps going down over and over like cattle. If there was an even split between competing products (such as OS X, Linux, Windows) these attacks would eventually have to evolve in a manner that would be able to be studied and analyzed in a meaningful manner. As it is they just keep attacking Windows without care. I am not saying Windows is flawed - recent products are reasonably competitive with the other two - I am saying there aren't proper metrics and patterns able to be analyzed.

      --
      "but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
  3. malicious code .. by rs232 · · Score: 3, Funny

    What Operating Systems did this malicious code run on?

    --
    davecb5620@gmail.com
    1. Re:malicious code .. by A.+B3ttik · · Score: 2, Funny

      TI-86

    2. Re:malicious code .. by SpaceLifeForm · · Score: 2, Funny

      There are lots of Operating Systems involved.

      They just happen to originate from the same place.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    3. Re:malicious code .. by Thelasko · · Score: 2, Funny

      What Operating Systems did this malicious code run on?

      TI-86

      When will people stop being slaves to Texa$ In$trument$? HPs are so much more secure.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    4. Re:malicious code .. by pseudonomous · · Score: 1

      So ... this code is being used to maliciously cheat on calculus tests?

    5. Re:malicious code .. by CarpetShark · · Score: 1

      What Operating Systems did this malicious code run on?

      The legal and political systems. Most of the malicious code was from the RIAA.

    6. Re:malicious code .. by Anonymous Coward · · Score: 2, Funny

      What Operating Systems did this malicious code run on?

      TI-86

      When will people stop being slaves to Texa$ In$trument$? HPs are so much more secure.

      We're never going to see the "Year of The HP Calculator" until you people wake up and realize that Joe Six-pack doesn't want to have to learn RPN just to do simple algebra!

    7. Re:malicious code .. by frank_adrian314159 · · Score: 1

      HPs are so much more secure.

      That's because only backward Polish people can figure out how to use them.

      --
      That is all.
    8. Re:malicious code .. by david_thornley · · Score: 1

      What Operating Systems does the unbiased enterprise publishing this report sell protection from malicious code on?

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    9. Re:malicious code .. by lordtoran · · Score: 1

      Bah, H-Pee is so elitist crap. My Casio has 12 programmable firewall registers!

      --
      Want to hear the voice of GOD? cat /boot/vmlinuz > /dev/dsp
    10. Re:malicious code .. by Anonymous Coward · · Score: 0

      But can it run Wolfenstein 3D?

    11. Re: malicious code .. by rs232 · · Score: 1

      "There are lots of Operating Systems involved. They just happen to originate from the same place"

      What Operating System does the extended botnet run on that is used to hose the Internet with spam?
      --

      I can't refute the top post so I'll just get my sock.Puppet accounts to mod it FUNNY

      --
      davecb5620@gmail.com
  4. Why wouldn't it grow? by mc1138 · · Score: 4, Insightful

    Security implementations constantly lag behind the times. Even the Pentagon does more reactive rather than proactive implementations. http://news.slashdot.org/article.pl?sid=09/04/08/2246248 Even if this were to change, it would more likely just cause an escalation of the issue. Even as security gets more complex, so too will the hackers, especially those funded or controlled by organized crime. Your best bet is to use robust security, and never, ever assume that the Internet, or any network, is a safe place.

  5. Vista -- Security by KingPin27 · · Score: 3, Funny

    Perhaps McAfee noticed that there are more users running computers with "Black Screens where they type in command lines" -

    --
    "i lost my dignity on a slippery wiener"
    1. Re:Vista -- Security by LandruBek · · Score: 1

      The technical term is prompt commands.

      --
      $META_SIG_JOKE
  6. Helpful Code by Ukab+the+Great · · Score: 5, Insightful

    If code that screws up your computer and resists deinstalling is defined as malicious, then the Symantec and McAfee suites must account for at least half of the malicious code being written.

    1. Re:Helpful Code by darnkitten · · Score: 1

      yah. The clerk at the town I work for was on the phone all morning with tech support for her auto-backup software. The verdict? The Symantec security suite has been interfering with her backups. She finally saw reason and said she will allow me to replace the suite with something else (once the subscription runs out, giving her months to change her mind). The problem is this: to her, Symantec/Norton is synonymous with antivirus. Despite my assurances, she can't imagine that anything else will be better or will provide less problems. Malicious or not, Symantec and McAfee have their hooks in the market, and are almost impossible to clean out.

    2. Re:Helpful Code by twistedsymphony · · Score: 1

      that's easy to fix... you just need to have the nightly news do an expose on how incompetent the big name AV softwares are... all you need to do is find a news personality that people trust and is smart enough to pull it off.... hmmm maybe it's not so easy.

  7. Simple by Joebert · · Score: 2, Insightful

    The reason is simple, people aren't even getting a slap on the wrist.

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
    1. Re:Simple by VeNoM0619 · · Score: 1

      Let me know when you catch the Downadup/conficker authors.

      In the meantime, encouraging security (and equally stability) over all other features/pretty designs should be done as well. Perhaps Symantec and McAfee releasing these reports were meant to help their sales... or perhaps what they don't realize is that people are 1 step closer to Linux because of these reports...?

      --
      Disclaimer: I am not god.
      We may not be created equal
      But we can be treated equal.
    2. Re:Simple by Joebert · · Score: 1

      Let me know when you catch the Downadup/conficker authors.

      The point is that something has to get to that point before anything is done to the people involved.

      It didn't take long for the people who broke into Sarah Palins email account to get tracked down and brought to justice, but only because of her status.

      The current state of how things are handled is basically like only going after criminals who commit crimes against rich people.

      --
      Wanna fight ? Bend over, stick your head up your ass, and fight for air.
    3. Re:Simple by Anonymous Coward · · Score: 0

      The person who broke into Sarah Palin's email account was stupid enough to use a commercial anonymization service, and post screenshots containing session strings for that service. The service kept logs, which were sufficient to trace the activities to the kid that did it.

      The Conficker authors aren't stupid like that.

    4. Re:Simple by VeNoM0619 · · Score: 1

      You can't have an anonymous internet AND access to records of every origin of data.

      I'll take the wild west with everyone being anonymous, so people learn not to attack the authors and fall into a false sense of security. Learn to protect yourself, don't make others do it for you.

      --
      Disclaimer: I am not god.
      We may not be created equal
      But we can be treated equal.
  8. More like "We tell you activity rose so you buy" by Anonymous Coward · · Score: 0

    I wish people would stop posting crap "news". It's more like a press release announcing a new product than any actual fact.

    It's basically a PR stunt that wants them to buy software.

    1.6 Million new code..ohhh no whatever shall we do! What they don't tell you is all but a handful is the same code just modified, and that less than that actually is a threat to common idiots who get infected.

  9. Symantec by Anonymous Coward · · Score: 2, Funny

    With our Corporate Edition SAV 10 installed, my machine is too slow to effectively run any other malware. I think Symantec did a good job of preventing other malware from getting any disk I/O at all.

  10. read: by nimbius · · Score: 1

    even though we're circling the shitter, our products are still more valuable than ever.

    --
    Good people go to bed earlier.
  11. Buy something else? by TheLink · · Score: 1

    Even if it's time to buy, it might be time to buy something else.

    I doubt there were really 1.6 million really unique malware in 2008 - many of those are probably just variants. If Symantec has to add sigs for so many variants it means their tech is not so good.

    Anyway, I'm not bothering with AV for my WinXP PC. Looking at how much the popular AV software out there slow down PCs, the "cure" seems worse than disease.

    IMO, McAfee and Symantec are nearly as bad as being infected by the less nasty trojans. Bloatware.

    Kaspersky and Comodo updates take ages (Kaspersky updates are REALLY slow!), AVG realtime scan is slow (and their link scanning thing was stupid), Avira nags a lot (but if you can turn it off or ignore it, it's not so bad I guess).

    One day I guess I should test Avast.

    1. Re:Buy something else? by steelcaress · · Score: 1

      Avast rocks. Catches stuff on web pages and web *searches.* (favicons infected with trojans). I've never had a botched install routine, updates itself every day (sometimes more than once), and I've used it for years. Never had a virus slip past it. I even use free net virus scanners (like McAfee) as a bench test.

      Doesn't slow down any of my computers, either. Not my XP desktop (1.33 GHz with 512 MB RAM) nor my dual-core laptop with 4 GB RAM. As with anything, YMMV.

  12. "Grow at a record pace . . . ?" by PolygamousRanchKid+ · · Score: 1

    I get tons of emails every day promising to enable me to "grow at a record pace." Maybe the two are somehow connected.

    This is actually a good strategy to get at some of the Stimulus pork pile. Get a professional grant writer provided by an IT company to draft something up that will convince federal officials that you buying that company's products will solve the economic crisis.

    I read it in the Wall Street Journal a couple of weeks ago, actually.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  13. Take all the threats recently... by Captain+Spam · · Score: 1

    Well! After this and the report from McAfee that all that ugly, ugly spam is ruining the environment, I'm convinced I need to do something! And since Microsoft told me that Vista is the most secure OS on the planet (and since they invented the computer, you know we should believe them!), all this malicious activity has to be the evil work of that gosh-darn Linux computer I've got back at home! Good thing these companies have wide-reaching, robustly-developed tools to help secure my Lin...

    Oh. Huh.

    Why does this sound to me like an attempt at an orchestrated astroturfing campaign amongst software giants that either wasn't planned very well or was intended for people far more stupid than us and/or with less long-term memory than we have?

    --
    Demanding constant attention will only lead to attention.
  14. oh yeah by Sir_Lewk · · Score: 0, Redundant

    TI-86's are the bomb.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:oh yeah by twistedsymphony · · Score: 1

      I prefer the TI-89 personally

  15. 285 million vs zero by Wingsy · · Score: 0, Troll

    "...says 285 million records were compromised in 2008." How about that. And not a one on a Mac.

    --
    If I didn't have absolutely NOTHING to do, I wouldn't be here.
    1. Re:285 million vs zero by Anonymous Coward · · Score: 0

      Does anybody know the outcome of the recent pwn2own contest? Sorry, I haven't been paying attention lately.

  16. A more appropriate headline: by Anonymous Coward · · Score: 0

    'Signature-based antivirus failing?'

  17. Ditch all your Windows AV products right now. by ciderVisor · · Score: 1

    Seriously, I (and many colleagues, friends and relatives) have discovered the delights of simply running Windows as a Limited User. No more signature file downloads. No more zero-day exploits as a result of out-of-date signature files. No more background scanning bogging down your machine. Just a nice, clean system that can only really be compromised as a result of user interaction (trojans, phishing, user-permitted privilege escalation, etc.). My current Windows XP system has been running this way for 2 1/2 years without any infection. AV vendors can f*** right off as far as I'm concerned.

    --
    Squirrel!
    1. Re:Ditch all your Windows AV products right now. by dudpixel · · Score: 2, Insightful

      But the summary specifically mentions that a lot of this code targeted users' personal info - which in your example would still be accessible.

      This is exactly what I want to protect myself against. If the OS gets crippled or broken, I can fix that, but if they delete or worse, steal, my data, that's dangerous. Backups will protect against data being deleted but how do you prevent your personal data from being stolen?

      And no, putting all my data in a location where even I can't access it is not a solution.

      Most decent firewalls now will filter which applications are allowed to access the internet and warn you when any application not in its list tries to. It's not the perfect solution but definitely more secure than turning a blind eye.

      --
      This seemed like a reasonable sig at the time.