We've all been affected by malicious internet activity, and advances in the web's technology means cyber criminals, hackers and spammers are rapidly adopting new and varied attack vectors. We look at whether predictions made by Symantec last year regarding internet security have come true and what the rest of the year will hold.

If the internet is to become a safer place, it is imperative to understand the trends and developments taking place in the internet threat landscape and maintain online security best practices.

In December 2008, Symantec researchers predicted a number of security trends to watch out for in 2009.

Now that we are into the second half of the year, it's time to check in on those predictions to see not only how they have panned out, but also what other developments have occurred.

What follows is an update on the predictions Symantec made late last year, as well as a few new trends that our analysts have seen develop in the first half of 2009.

A predictions check-up

The global economic recession has been one of the most noticeably exploited bases for attack in 2009. Its impact has been far-reaching and the computer industry is far from immune to its affects. Schemes and scams targeting victims of the recession and touting solutions to its problems are prevalent. Some of the threats are new and some have been around for awhile. These scams include:

  • Home repossession scams
  • Scams targeting people seeking mortgages or refinancing
  • Scams exploiting the US economic stimulus packages
  • Scams targeting the unemployed with offers almost too good to resist
  • Attacks seeking to exploit users of classifieds and online job placement boards
  • 'Work at home' schemes

Social networking becomes an even more popular attack vector
There's no question that online social networking continues to rise in popularity due to the numerous conveniences and opportunities it provides.

There's also no question that social networking provides phishers with a lot more bait than they used to have. Threats can come from all sorts of avenues within a social networking site.

Games, links and notifications are the low-hanging fruit for phishers to use as they lead people into dangerous territory. As society picks up one end of the social networking stick, it finds that it inevitably picks up the security problems on the other end.

Spam levels continue to rise
We may not want it, but it still keeps coming. In July 2009, an average of 89 percent of all email messages were spam. The overall amount does fluctuate, and a fight is underway to ward off or close down as many spammers as possible, but on average, the levels of spam have primarily risen rather than fallen.

Big headlines almost always lead to more spam, and major headlines from 2009, such as the death of Michael Jackson, the H1N1 flu outbreak and the Italian earthquake are obvious examples of this.

Broadband speed test

PC security advice

NEXT PAGE: Web threats grow in complexity and sophistication

  1. Symantec's Zulfikar Ramzan looks at emerging trends in security
  2. Web threats grow in complexity and sophistication
  3. New and developing trends

We've all been affected by malicious internet activity, and advances in the web's technology means cyber criminals, hackers and spammers are rapidly adopting new and varied attack vectors. We look at whether predictions made by Symantec last year regarding internet security have come true and what the rest of the year will hold.

Web threats grow in complexity and sophistication
Distribution and channel options are not the only things that have increased for cybercriminals, their skills and creativity have followed the same pattern. In addition to the threats being new, they are becoming increasingly sneaky and complex.

New scams, such as drive-by downloads, or exploits that come from seemingly legitimate sites, can be almost impossible for the average user to detect.

Before the user knows it, malicious content has been downloaded on to their computer, and they face an often expensive and time-consuming recovery process. As predicted, the level of sophistication in such threats continues to rise.

New malware variants explode on to the scene at an unprecedented rate
One of the most noticeable increases we have observed in the security landscape is the sheer number of attacks and various methods for their distribution.

Each month, Symantec security researchers block an average of more than 245 million attempted malicious code attacks across the globe. Most of the attempted threats have never been seen before.

A combination of new distribution strategies, new media and internet channels and increasingly advanced hacker techniques all add up to more malware. While attackers previously used to distribute a few threats to a large number of people, they are now micro distributing millions of distinct threats to smaller, unique groups of people.

All of these factors combined together equal an unlimited number of unique malware attacks occurring.

Broadband speed test

PC security advice

NEXT PAGE: New and developing trends

  1. Symantec's Zulfikar Ramzan looks at emerging trends in security
  2. Web threats grow in complexity and sophistication
  3. New and developing trends


We've all been affected by malicious internet activity, and advances in the web's technology means cyber criminals, hackers and spammers are rapidly adopting new and varied attack vectors. We look at whether predictions made by Symantec last year regarding internet security have come true and what the rest of the year will hold.

New and developing trends

Cross-industry co-operation increases in an effort to tackle cybercrime
The Conficker worm, which grew to alarming proportions early this year, prompted collaboration across several groups to solve one of the most complex and widely spread threats to hit the web in a number of years.

The Conficker Working Group comprised industry leaders and people from academia and as they worked together, the combined efforts of the group proved successful. Security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators in the domain name system were able to work with several industry vendors to coordinate a response that disabled domains targeted by Conficker.

This example represents the type of collaboration that will likely increase in the industry in order to successfully address today's ever-more complex security threats.

Some old threats make comebacks
While much has changed on the threat landscape, some basic components remain, and, more interestingly, some older trends have made a comeback.

As stated earlier, many cybercriminals have begun sending multiple distinct threats to smaller numbers of people, but there have also been notable examples of the older technique of sending a few threats to a massive number of people.

The motivation for either method is frequently financial, as much of today's malicious internet activity is, and the goal is often to steal personal data, distribute rogue antivirus software or propagate spam.

There are of course those attacks that have no real purpose except to wreak havoc, but whatever the motivation, the various methods are prompting the need for a multi-layered defense that combines traditional detection with complementary detection such as reputation-based security models.

Deceptive methods that imitate traditional business practices continue to be utilised
One tactic cybercriminals are growing fonder of is imitating traditional business practices in an attempt to ensnare unsuspecting users.
In today's world, business on the Internet is part of life.

Cybercriminals recognise this and are clever enough to imitate business interactions. Even apart from business interactions, cybercriminals have figured out how to deceive people by presenting counterfeit messages.

Examples of this include malicious advertisements or 'malvertisements', which redirect people to malicious sites, or 'scareware', which appear as antivirus scanners and scare people into thinking that their computer is infected when that's not really the case.

The user is then lured into buying a fake product. Such deception is a prevalent security risk and is growing in use.

Internet threats continue to increase in volume and severity. It is important that computer users are on guard in order to make themselves less vulnerable to risks and threats. Staying abreast of the trends and developments taking place in online security is critical for both industry researchers and all computer users alike.

Broadband speed test

PC security advice

See also: PC Advisor's Windows security masterclass

  1. Symantec's Zulfikar Ramzan looks at emerging trends in security
  2. Web threats grow in complexity and sophistication
  3. New and developing trends