SOURCE: Symantec

December 17, 2007 08:00 ET

Symantec Looks Back at the Internet Security Trends and Threats of 2007

Company Also Provides Information on Threats to Watch for 2008

CUPERTINO, CA--(Marketwire - December 17, 2007) -


Symantec (NASDAQ:SYMC), the leader in Internet security, has unveiled the top Internet security trends of 2007 that impacted consumers and business. The security trends emphasize the ongoing evolution of cybercrime becoming more professional and commercial. Two key trends that summarize the findings are "topical" and "trust" -- attackers in 2007 lured computer users by using current events and trusted brands.

The top 10 Internet security trends of 2007 as tracked by Symantec Response include:

  • Bots -- Bots and botnets, otherwise known as zombie networks, continued to silently slip onto unsecured computers and perpetrate a wide variety of malicious activity. Bots knocked Estonia off the online map and the Storm worm employed bot technology as well.
  • Data Breaches -- High-profile data breaches underscored the importance of data loss prevention technologies and strategies.
  • Vista Introduction -- Microsoft Vista made its debut and attackers quickly found holes. Microsoft has already released 16 security patches to address impacts on the new operating system.
  • Spam -- In 2007, spam reached new and record levels. Image spam declined while PDF spam emerged as a new annoyance. Greeting-card spam was also responsible for spreading the extremely pervasive Storm worm malware (also known as Peacomm).
  • Professional Attack Kits -- Today's attackers are increasingly sophisticated and organized and have begun to adopt methods that are similar to traditional software. They're actually selling easy-to-use cyber fraud kits for profit, to recruit non-tech savvy larcenists to learn how to defraud victims online. MPack is just one illustration of this phenomenon.
  • Phishing -- Phishing continued to be a big trend in 2007 with an 18 percent increase in unique phishing sites during the first half of the year. Phishing toolkits contributed to the problem. A recent Olympic phishing scheme illustrates the topical tricks phishers use as bait.
  • Exploitation of Trusted Brands -- By exploiting a trusted Web environment, attackers now prefer to lie in wait for victims to come to them. These trusted brands are often regional, since national brands usually have more-protected sites.
  • Web Plug-in Vulnerabilities -- Web plug-in vulnerabilities and exploits continued to plague IT experts and home users during 2007. ActiveX controls comprise the majority of plug-in vulnerabilities and pose various security threats that may compromise the availability, confidentiality, and integrity of a vulnerable computer.
  • Vulnerabilities for Sale -- Wabi Sabi Labi debuted and offered an auction-style system for selling vulnerability information to the highest bidder, sparking controversy and discussion between competing schools of thought on how to handle vulnerability information.
  • Virtual Machine Security Implications -- Virtualization made big headlines in 2007 with major players going public. Security researchers are actively exploring the security implications of virtual technology.


Below, Symantec's team of Internet security experts has forecasted the most highly anticipated security challenges for 2008:

  • Bot Evolution -- Symantec expects bots to diversify and evolve in their behavior. For example, phishing sites hosted by bot zombies may develop.
  • Election Campaigns -- As political candidates increasingly turn to the Internet, it is important to understand the associated security risks of increased dependence and interdependence on technology in the election process. These risks include the diversion of online campaign donations; dissemination of misinformation about candidates positions and conduct; fraud; phishing; and, the invasion of privacy.
  • Advanced Web Threats -- As the number of available Web services increases and as browsers continue to converge on a uniform interpretation standard for scripting languages, such as JavaScript, Symantec expects the number of new Web-based threats to continue to increase.
  • Mobile Platforms -- Interest in mobile security has never been higher. As phones become more complex, and more connected, Symantec expect attackers to take advantage.
  • Spam Evolution -- Symantec expects to see spam continuously evolve in order to evade traditional blocking systems and trick users into reading messages.
  • Virtual Worlds -- Symantec expects that as the use of persistent virtual worlds (PVWs) and massively multiplayer online games (MMOGs) expands, new threats will emerge as criminals, phishers, spammers, and others turn their attention to these new communities.


  • Don't click on links sent in suspicious emails. Always type the known URL directly into the URL window.
  • Never open attachments received in emails from unknown senders.
  • Check your credit card statements and reports regularly for fraudulent activity that may have resulted from a data breach, hack or other malicious activity.
  • Be extra cautious when shopping online, particularly during the busy online holiday shopping season. Look for the lock symbol and "s" in the URL -- it should read "H-T-T-P-S" -- on any page that requests a credit card number.
  • Maintain active Internet security protection, which includes antivirus, antispyware, firewall and identity protection. Keep operating systems (for example, Windows® XP), browsers (for example, Internet Explorer), and other applications (such as RealPlayer or iTunes) updated with the latest security patches. Remember to protect your mobile devices too.
  • Use digital common sense -- if something seems askew online, don't proceed.


To find out more about threats facing today's Internet users, visit the following resources:


Symantec Response Internet security experts are available for remote interview for your television and online video stories. Please contact us to arrange.

About Symantec

Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information and interactions by delivering software and services that address risks to security, availability, compliance and performance. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Contact Information