Malware jumps over 200 per cent in 2008

Cyber criminals are stepping up attacks on smartphones

Last year saw another staggering rise in malicious software, according to the latest EMEA Internet Security Threat Report from Symantec.

The security firm created more than 1.6 million new malicious code signatures in 2008, and warned that companies may be at increasing risk from attacks on smartphones.

Symantec's annual study is one of the most extensive in the industry, using statistics from the firm's own products and services as well as third-party data from over 200 countries. This edition identified a rise in malware attacks of more than 200 per cent from 2007, and a 47 per cent surge in botnet activity with a total of 5,147 new 'command and control' servers.

Trojans were the most common form of malware, accounting for 66 per cent of the top 50 potential infections in EMEA, as criminals sought to steal financial and other data to sell online.

Symantec chief scientist Guy Bunker warned that, although most corporates are well protected at the desktop or laptop level, they need to be educated more about the risks posed by smartphones, which are increasingly used to access back-end systems.

"Companies need to upgrade their security policies and applications to ensure that smartphones are adequately covered," he said.

Bunker also warned that USB storage devices would be used increasingly over the next year to spread malware, while the rollout of fibre-to-the-home could attract the attention of more botnet herders looking to compromise UK PCs.

But there was a note of optimism too. Bunker claimed that the industry had reached a "tipping point" in the way malware is detected.

"There has been a huge increase in the amount of malware, but when it's built from the same building blocks it makes it slightly simpler and easier to catch, " he said.

Jay Abbott, threat and vulnerability leader at consultancy PricewaterhouseCoopers, argued that browser plug-ins and vulnerabilities in web applications are among the biggest sources of risk.

"I am constantly being asked by clients to test their web applications because this is where the majority of vulnerabilities are at the moment," he said.

Graham Titterington of analyst firm Ovum warned that threat levels are still high, thanks to the "democratisation" of malware tools, which are increasingly bought and sold online at ever lower prices, and the fast-mutating nature of many viruses.

However, IT systems and applications are being increasingly engineered with security in mind, while heightened public awareness of the threats has helped to raise general internet hygiene levels, he added.

"We have not really seen a radical new attack vector," said Titterington. " It shows that, generally speaking, we are doing a pretty good job at defending things, but the battle is never won."