News Release
EMBARGOED: Tuesday, 20 April, 2010 at 2.00pm (Sydney time)
CONTACT:
Debbie Sassine
Symantec Corp.
+61 405 735 323
Debbie_sassine@symantec.com
Cybercrime’s Financial and Geographic Growth Shows No Slowdown during the Global
Economic Crisis
Symantec blocks an average of 100 potential attacks per second in 2009
SYDNEY, Australia – 20 April 2010 – Symantec Corp. (Nasdaq: SYMC) today released its new internet
Security Threat Report volume XV, which highlights key trends in cybercrime from 1 January 2009 to 31
December 2009. In a year bookended by two very prominent cyber attacks – Conficker in the opening months
of the year and Hydraq at the very end – Symantec’s Internet Security Threat Report reveals continued growth
in both the volume and sophistication of cybercrime attacks.
“Attacks have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the
world’s largest corporations and government entities,” said Stephen Trilling, senior vice president, Security
Technology and Response, Symantec. “The scale of these attacks and the fact that they originate from across
the world, makes this a truly international problem requiring the cooperation of both the private sector and
world governments.”
Notable trends highlighted in this year’s report include:
An increase in the number of targeted threats focused on enterprises. Given the potential for
monetary gain from compromised corporate intellectual property (IP), cybercriminals have turned
their attention toward enterprises. The report found that attackers are leveraging the abundance of
personal information openly available on social networking sites to synthesise socially engineered
attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the
beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow
Network in 2009 and Ghostnet in 2008.
Attack toolkits make cybercrime easier than ever. Cybercrime attack toolkits have lowered the bar
to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and
steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as
US$700, automates the process of creating customised malware capable of stealing personal
information. Using kits like Zeus, attackers created literally millions of new malicious code variants
in an effort to evade detection by security software.
Web-based attacks continued to grow unabated. Today’s attackers leverage social engineering
techniques to lure unsuspecting users to malicious websites. These websites then attack the victim’s
web browser and vulnerable plug-ins normally used to view video or document files. In particular,
2009 saw dramatic growth in the number of web-based attacks targeted at PDF viewers; this
accounted for 49 percent of observed web-based attacks. This is a sizeable increase from the 11
percent reported in 2008.
Malicious activity takes root in emerging countries. The report saw firm signs that malicious
activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil,
Cybercrime’s Financial and Geographic Growth Shows No Slowdown during the Global Economic Crisis
Page 2 of 3
India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and
target of malicious activity by cybercriminals. The findings from the report suggest that government
crackdowns in developed countries have led cybercriminals to launch their attacks from the
developing world, where they are less likely to be prosecuted.
Other ISTR Highlights:
Malicious code is more rampant than ever. In 2009, Symantec identified more than 240 million
distinct new malicious programmes, a 100 percent increase over 2008.
Top threats. The Sality.AE virus, the Brisv Trojan and the SillyFDC worm were the threats most
frequently blocked by Symantec security software in 2009.
Downadup (Conficker) still very prevalent. It was estimated that Downadup was on more than 6.5
million PCs worldwide at the end of 2009. Thus far, machines still infected with
Downadup/Conficker have not been utilised for any significant criminal activity, but the threat
remains a viable one.
Compromised identity information continues to grow. Sixty percent of all data breaches that
exposed identities were the result of hacking. In a sign that this issue is not limited to a few larger
enterprises, the Symantec State of Enterprise Security Report 2010 reported that 75 percent of
enterprises surveyed experienced some form of cyber attack in 2009.
Another turbulent year for spam. In 2009, spam made up 88 percent of all e-mail observed by
Symantec, with a high of 90.4 percent in May and a low of 73.7 percent in February. Of the 107
billion spam messages distributed globally per day on average, 85 percent were from botnets. The 10
major bot networks, including Cutwail, Rustock and Mega-D now control at least 5 million
compromised computers. Throughout 2009, Symantec saw botnet infected computers being
advertised in the underground economy for as little as US$0.03 per computer.
Applying security patches continues to be a challenge for many users. The report found that
maintaining a secure, patched system became more challenging than ever in 2009. Moreover, many
users are failing to patch even very old vulnerabilities. For example, the Microsoft Internet Explorer
ADODB.Stream Object File Installation Weakness was published on 23August 2003, and fixes have
been available since July 2, 2004, yet it was the second-most attacked web-based vulnerability in
2009.
Protecting the Community-at-Large
In addition to Symantec’s Internet Security Threat Report XV, Symantec today also announced its Norton
2011 beta
offerings, and several new tools in the fight against cybercrime such as Norton Safe Web for
Facebook
and Norton Power Eraser. These tools will remain free and address some of today’s trickiest and
most prevalent issues related to malware infection and removal.
Resources
Symantec Internet Security Threat Report XV Microsite
Threat Landscape Overview on Slide Share
Symantec Security Response Blog
Industry Resources at Delicious.com
2010 State of Enterprise Security Report
2010 State of Enterprise Security on SlideShare
About the Symantec Internet Security Threat Report
The Internet Security Threat Report is derived from data collected by tens of millions of internet sensors, first-
hand research, and active monitoring of hacker communications, and it provides a global view of the state of
Internet Security. The study period for the Internet Security Threat Report XV covers January 2009 to
December 2009.
Cybercrime’s Financial and Geographic Growth Shows No Slowdown during the Global Economic Crisis
Page 3 of 3
About Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help
consumers and organisations secure and manage their information-driven world. Our software and services
protect against more risks at more points, more completely and efficiently, enabling confidence wherever
information is used or stored. More information is available at www.symantec.com.
###
NEWS 
