Symantec Tallies More Than 1 Million Malware Threats; Legitimate Sites New Transmission Vector

According to the latest Internet Security Threat Report from security vendor Symantec, the number of new malicious code threats rose sharply last year, topping the number of legitimate applications for the first time.The threat report counts 711,912 new threats in 2007, 499,811 of them just in the last six months of the year. Sixty-five percent of the nearly 55,000 new applications released in the the second half of the year were malicious, the report said. Most of the attacks were aimed at acquiring confidential user information rather than attempting to take over compromised computers.

The company blamed the flood of new threats to specialization by malware makers and to criminal organizations that hire them. "A group of specialized programmers can create a larger number of new threats than can a single malicious code author, bringing about economies of scale and therefore an increased return on investment," the report said.

Most malware attacks up to now required a user to visit malicious sites or click on an e-mail attachment. Now, though, hackers are working through legitimate sites, especially social networks. Symantec believes that companies will need to adopt security measures based on "whitelisting" approved code sources, rather than "blacklisting" identified threats, which are coming too fast to keep up with.Computerworld, The Register