Symantec logs 100 per cent rise in new malware

Symantec's latest threat report highlighted another huge surge in new malware

More than 240 million new malicious programs were discovered last year, with cyber criminals increasingly focusing on web-based and targeted attacks, according to the latest annual Symantec Internet Security Threat Report.

The findings for 2009 showed a 100 per cent year-on-year increase in new malware, and Symantec solutions architect Sian John said that one new botnet-infected computer is detected worldwide every 4.6 seconds.

John warned that malicious activity is taking root especially in developing countries, where less experienced users are coming online without investing in security tools to protect internet connected devices.

These countries have also become a source of malicious activity, she added, because many do not have the legislation in place to crack down on cyber crime.

Web-based attacks continue to be the most common, and browser vulnerabilities are increasingly being targeted, explained John.

"People say that Internet Explorer [IE] is the most targeted, but that's only because it's the most popular," she said.

"It takes IE and Firefox less than a day of exposure [to a new threat] before a patch is available, but it's about 13 days with Safari. Apple is going to have to catch up because that's quite a long time to be exposed."

The report also highlighted the growing problem of sophisticated attacks targeting specific enterprises, often with the aim of stealing intellectual property rather than customer card details.

This was highlighted by Google's revelation early this year that its staff had been subject to targeted attacks which used information on them gathered on social networking sites.

The increasing availability of special attack toolkits is also causing problems, making it easier for less tech-savvy criminals to try their hand at cyber crime. The Zeus toolkit can be bought for as little as $700 (£455), said Symantec, and automates the creation of customised data-stealing malware.

Finally, John warned that patching known vulnerabilities is becoming worryingly challenging for users.

"They don't just have to think about the operating system, but the browser and plug-ins and applications," she said.

"They need to prioritise, though. For example, fixes for an IE ADODB.Stream Object file installation weakness have been available since 2004, but it was the second most attacked web-based vulnerability in 2009."