Malicious activity continues to grow at a record pace globally and in India

BANGALORE, INDIA: Symantec Corp. announced that malicious code activity continued to grow at a record pace throughout 2008, primarily targeting confidential information of computer users.

According to the company’s Internet Security Threat Report Volume (ISTR) XIV, Symantec created more than 1.6 million new malicious code signatures in 2008. This equates to more than 60 percent of the total malicious code signatures ever created by Symantec -- a response to the rapidly increasing volume and proliferation of new malicious code threats. These signatures helped Symantec block an average of more than 245 million attempted malicious code attacks across the globe each month during 2008.

The Internet Security Threat Report is derived from data collected by millions of Internet sensors, first-hand research, and active monitoring of hacker communications, and provides a global view of the state of Internet security. The study period for the ISTR XIV covers January 2008 to December 2008.

Symantec Internet Security Threat Report -- Global

The report noted that Web surfing remained the primary source of new infections in 2008, and that attackers are relying more and more on customized malicious code toolkits to develop and distribute their threats.

In tune with the global trends, India too saw a substantial increase in its proportion of malicious activity in almost every category. India had the fifth highest number of broadband subscribers in the APJ region in 2008 and the third highest volume of malicious activity, with 10 percent of the regional total. Computers from the United States and China were the leading source of Web-based attacks targeting India, accounting for 84 percent and 5 percent respectively.

“Due to a rapidly growing Internet infrastructure, a burgeoning broadband population and rampant software piracy, India is expected to witness increased malicious activities,” said Vishal Dhupar, managing director, Symantec India. “Unless enterprises improve security protocols and measures to counter malicious activities, India will continue to be a soft target of Internet threats.”

According to the report, India had an average of 836 bots per day during 2008 and there were 1,03,812 distinct bot-infected computers observed in the country during the period. This was a staggering increase of nearly 250 percent from the previous Internet Security Threat Report.

Globally, in 2008, Symantec observed an average of more than 75, 000 active bot-infected computers each day, a 31 percent increase from 2007. India also saw a huge surge in bot command & control servers from 40 in 2007 to 70 in 2008. Bot command-and-control (C&C) servers are computers that botnet owners use to relay commands to bot- infected computers on their networks. The sharp increase in bot-infected computers in India points towards low adoption of security measure that includes Anti -Malware, Intrusion Prevention and Intrusion Detection.

Among the cities in India with the highest number of bot-infected computers, Mumbai figured at the top with 37 percent followed by Chennai at 24 percent and Delhi at 7 percent. Cities like Bangalore, Hyderabad, Calcutta, Surat, Ahmadabad, Cochin and Pune too had a sizeable share of bot-infected computers.

Another alarming trend for Internet users in India is the threat landscape being heavily infested with worms and viruses. In the APJ region, India ranked first on worms and viruses attacks prevalence chart. 9 of the top 10 malcodes found in India consisted of worms (55 percent) and viruses (15 percent) that disabled security related processes, downloaded additional threats and stole confidential information.

While the global averages for worms and virus attacks increased only marginally, India continued to rank high on these vectors of infection. A perfect case in point was the Downadup/Conficker worm, which left over thousands of computers in India infected during the initial stages of attack.

“Enterprises with a lack of ‘defense in depth’ strategies are more likely to see worms and viruses infiltrate their environments and easily access their information and infrastructure,” said Dhupar. “It is time Indian enterprises adopt ingress and egress filtering on perimeter devices to prevent unwanted activity.”

Sixty-five percent of worms and viruses in Indian enterprises are propagated through the File Sharing/Executables mechanism. This indicates that endpoint security and policy are still missing in many organizations as this level of security protection would have allowed IT administrators to scan removable drives for threats. A large number of infections in India have also occurred due to filesharing programs, free downloads, and freeware and shareware versions of software.

Apart from the issue of worms and viruses, spam and phishing continued to plague India as well as the rest of the world. Over the past year, Symantec observed a 192 percent increase in spam detected across the Internet as a whole, from 119.6 billion messages in 2007 to 349.6 billion in 2008. The report found that phishing continued to grow. In 2008, Symantec detected 55,389 phishing Web site hosts, an increase of 66 percent over 2007, when Symantec detected 33,428 phishing hosts.

Twelve percent of spam detected in APJ in 2008 originated in India, making it the third-ranked country for this category. In 2007, India was the fifth-ranked APJ country, accounting for only 4 percent of spam in the region. It had the second highest number of spam zombies, with 17 percent of the regional total, and the fourth highest number of bots, with 5 percent of the total.

The high ranking of India in these categories is the main reason for the high volume of spam originating there.