Symantec has published its Internet Security Threat Report as an online animated report; its findings on bot-infected computers are summarized below. In the overall scheme of things there is not a lot an individual can do to prevent bots from being unleashed, but you can keep your own defenses up: apply the latest operating system and antivirus updates, and run a good-quality Internet security package with a two-way (inbound and outbound) firewall.
Example: Emerging Threat: Bot-infected computers
Bots are programs that are covertly installed on a user’s machine in order to allow an unauthorized user to control the computer remotely through a communication channel such as IRC. These channels allow the remote attacker to control a large number of compromised computers over a single, reliable channel in a bot network, which can then be used to launch coordinated attacks.

Bots allow for a wide range of functionality, and most can be updated to assume new functionality by downloading new code and features. Bots can be used by external attackers to perform DoS attacks against an organization’s Web site. Furthermore, bots within an organization’s network can be used to attack other organizations’ Web sites, which can have serious business and legal consequences. Bots can be used by attackers to harvest confidential information from compromised computers, which can lead to identity theft. Bots can also be used to distribute spam and phishing attacks, as well as spyware, adware, and misleading applications.
Between July 1 and December 31, 2006, Symantec observed an average of 63,912 active bot-infected computers per day, an 11 percent increase over the previous six-month period. Symantec also observed 6,049,594 distinct bot-infected computers during the reporting period, a 29 percent increase from the previous period. This increase was largely driven by a peak in bot activity in September, when a number of newly disclosed vulnerabilities were actively exploited by bots.
Command-and-control servers are computers that bot network owners use to relay commands to the bot-infected computers in their networks. In the last six months of 2006, Symantec identified 4,746 bot command-and-control servers, a 25 percent decrease from the first six months of 2006. A drop in the number of command-and-control servers combined with a rise in the number of bot-infected computers indicates that, on average, individual bot networks are growing in size: bot networks are becoming more consolidated. Consolidation will likely mean that organizations have to deal with a well-entrenched, experienced, and dedicated group of bot network owners rather than a population of hobby hackers. It could also signal a fundamental change in the way bots communicate with one another. Symantec has seen bots structured on a peer-to-peer model, in which the infected machines connect to each other rather than to a central command-and-control server, so there is no single server to identify and take down. Symantec has also observed command-and-control servers beginning to adopt encryption, which makes their traffic harder to recognize by inspecting its content.

China had the highest number of bot-infected computers during the second half of 2006, accounting for 26 percent of the worldwide total, an increase of six percentage points over the previous six months. This increase was driven by a rise in the number of bots in China rather than by a decrease in other countries, and it continues a trend Symantec first discussed in 2005, when bot activity in China appeared to be increasing. During the second half of 2006 the United States had the second-highest number of bot-infected computers, at 14 percent of the worldwide total. The United States was also the site of 40 percent of all known command-and-control servers, the highest proportion of any country, which likely indicates that servers in the United States control bot networks offshore as well as within the country.
Organizations should monitor all network-connected computers for signs of bot infection, ensuring that any infections are detected and isolated as soon as possible. They should also ensure that all antivirus definitions are updated regularly. As compromised computers can be a threat to other systems, Symantec also recommends that enterprises notify their ISPs of any potentially malicious activity. Creating and enforcing policies that identify and limit the applications that may access the network can also help to limit the spread of bot infections. To prevent bot infections, Symantec recommends that ISPs perform both ingress and egress filtering to block known bot traffic. ISPs should also filter out potentially malicious email attachments to reduce exposure for enterprises and end users.

End users should employ defense-in-depth strategies, including the deployment of antivirus software and a firewall. They should update antivirus definitions regularly and ensure that all desktop, laptop, and server computers are updated with all necessary security patches from their operating system vendor. Symantec also advises that users never view, open, or execute any email attachment unless it is expected, comes from a known and trusted source, and its purpose is known.
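As an added example of the monitoring and egress-filtering advice above (illustrative code written for this page, not Symantec's or any vendor's tooling), the Python script below scans a firewall connection log for three signs of bot infection drawn from the report's description: internal hosts talking to IRC ports, several internal hosts converging on one external command-and-control address, and near-periodic beaconing, which still shows up when the channel is encrypted or hides on a web port. It then emits deny entries for an egress filter. The log format, the internal range 10.0.0.0/8, the IRC port list, the thresholds and the sample log lines are all constructed assumptions, and the deny rules use generic ACL wording rather than any particular firewall's syntax.

```python
# Illustrative example for this page, not Symantec's code: scan a firewall
# connection log for bot C&C indicators and derive egress-filter entries.
import re
import statistics
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")          # assumed internal address range
IRC_PORTS = frozenset({6667, 6668, 6669, 7000})  # assumed IRC port list
COMMON_PORTS = frozenset({25, 53, 80, 443})      # too busy for fan-in alone to mean much

# Constructed sample log: "<ISO timestamp> <src_ip> <dst_ip>:<dst_port> <proto>".
# 10.0.1.15 beacons to an IRC server every 30 s and two more hosts join it;
# 10.0.1.70-72 all contact one odd port on 198.51.100.8 (fan-in to shared C&C);
# 10.0.1.50 beacons over 443 every 60 s (encrypted channel on a web port);
# 10.0.1.60 browses 192.0.2.5 at irregular intervals (benign).
SAMPLE_LOG = """\
2006-12-01T10:00:00 10.0.1.15 198.51.100.7:6667 tcp
2006-12-01T10:00:01 10.0.1.60 192.0.2.5:80 tcp
2006-12-01T10:00:03 10.0.1.22 198.51.100.7:6667 tcp
2006-12-01T10:00:07 10.0.1.60 192.0.2.5:80 tcp
2006-12-01T10:00:10 10.0.1.50 203.0.113.9:443 tcp
2006-12-01T10:00:15 10.0.1.70 198.51.100.8:9001 tcp
2006-12-01T10:00:16 10.0.1.71 198.51.100.8:9001 tcp
2006-12-01T10:00:17 10.0.1.72 198.51.100.8:9001 tcp
2006-12-01T10:00:30 10.0.1.15 198.51.100.7:6667 tcp
2006-12-01T10:00:31 10.0.1.40 198.51.100.7:6667 tcp
2006-12-01T10:01:00 10.0.1.15 198.51.100.7:6667 tcp
2006-12-01T10:01:10 10.0.1.50 203.0.113.9:443 tcp
2006-12-01T10:01:30 10.0.1.15 198.51.100.7:6667 tcp
2006-12-01T10:01:40 10.0.1.60 192.0.2.5:80 tcp
2006-12-01T10:02:00 10.0.1.15 198.51.100.7:6667 tcp
2006-12-01T10:02:10 10.0.1.50 203.0.113.9:443 tcp
2006-12-01T10:02:20 10.0.1.15 10.0.2.3:445 tcp
2006-12-01T10:03:05 10.0.1.60 192.0.2.5:80 tcp
2006-12-01T10:03:10 10.0.1.50 203.0.113.9:443 tcp
malformed line that the parser skips
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>[\d.]+) (?P<dst>[\d.]+):(?P<port>\d+) \w+$")

def parse_log(text):
    """Outbound (internal -> external) connections as (ts, src, dst, port)."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip malformed lines, keep scanning
        src, dst = m["src"], m["dst"]
        if ip_address(src) in INTERNAL_NET and ip_address(dst) not in INTERNAL_NET:
            conns.append((datetime.fromisoformat(m["ts"]), src, dst, int(m["port"])))
    return conns

def suspicious_destinations(conns, min_hosts=3):
    """{(dst, port): {src, ...}} for external destinations that are either an
    IRC port (the classic bot C&C channel) or, on a non-common port, a point
    that several internal hosts converge on (fan-in to a shared C&C server)."""
    by_dst = defaultdict(set)
    for _, src, dst, port in conns:
        by_dst[(dst, port)].add(src)
    return {k: v for k, v in by_dst.items()
            if k[1] in IRC_PORTS or (k[1] not in COMMON_PORTS and len(v) >= min_hosts)}

def beacons(conns, min_conns=4, max_cv=0.2):
    """{(src, dst, port): mean_gap_seconds} for near-periodic connections.
    Timing ignores payload, so this still works on encrypted C&C or port 443."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in conns:
        by_pair[(src, dst, port)].append(ts)
    found = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:   # low jitter
            found[pair] = round(mean, 1)
    return found

def egress_rules(conns):
    """Deny entries for every flagged dst:port, in generic ACL wording
    (not a specific firewall's syntax)."""
    targets = set(suspicious_destinations(conns))
    targets |= {(dst, port) for _, dst, port in beacons(conns)}
    return sorted(f"deny tcp from {INTERNAL_NET} to {dst} port {port}"
                  for dst, port in targets)

def scan(text):
    """Run all three checks over one log export."""
    conns = parse_log(text)
    return {"destinations": suspicious_destinations(conns),
            "beacons": beacons(conns), "rules": egress_rules(conns)}

if __name__ == "__main__":
    for name, result in scan(SAMPLE_LOG).items():
        print(name, result)
```

Treat the output as leads rather than verdicts: software update checks and time synchronisation also connect at regular intervals, so confirm a flagged host (running process, binary, channel content where it is visible) before isolating it, and pass confirmed command-and-control addresses to the ISP as the report recommends. The 443 case is the one to keep in mind: a port- or signature-based filter sees nothing unusual there, which is why the timing check is worth running alongside the port policy.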
Source: Symantec Internet Security Threat Report, Symantec Corporation.