The Symantec Internet Security Threat Report (ISTR) Volume 16 Is Here!

We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available. There are some significant changes to the report this year, including several new metrics, a revamping of existing metrics, and a revised format. Aspects of the new format were first seen in the Report on Attack Kits and Malicious Websites, which was released earlier this year.

One point of interest in this most recent report is the continued prevalence of malicious code propagation through the sharing of malicious executables on removable media. This propagation mechanism has been ranked at the top for quite some time now, with no signs of coming down. However, in February 2011, right in midst of writing the report, we read an announcement by Microsoft that AutoPlay functionality (used extensively for this propagation mechanism) was getting an update that would significantly restrict its use. The update limits AutoPlay to CD and DVD media only, and as users adopt the update, we may see a substantial decline in the success rates of malicious code that makes use of it, such as SillyFDC and Sality.AE.

During 2010, much while working on the Report on Attack Kits and Malicious Websites, we noticed that the increase in Web-based attacks exploiting Java vulnerabilities was being discussed by various sources, so we were interested to see the results of our Web-based attack activity metric in this volume of the ISTR. As we had expected, many of the top attacks we saw employed exploits against Java—the results of which are increasingly being touted by attack kit developers. Java attacks that were not kit specific were also notably observed, suggesting that the use and volume of Java-related attacks will likely increase in the future. In the same vein, Adobe Reader continued to be an often-exploited technology by attack kits. These types of attacks have accounted for a large percentage of activity during the past few years, so it’s  not surprising that they continue to be so prevalent. Should attackers experience more success with attacks on Java-based technology in the coming years, we may begin to see a lower percentage of activity targeting Reader; however, it seems likely to continue to be a high-level target for some attackers.

For a complete analysis of propagation mechanisms and Web-based attack activity observed in 2010, as well discussion on other aspects of the Internet threat landscape, please download the recently released Symantec Internet Security Threat Report, vol. 16.