Symantec.com
Partners
About Symantec
cartCart
WelcomeProductsServicesSolutions & IndustriesTrainingSupportSecurity Response
Enterprise
Symantec.com > Enterprise > Internet Security Threat Report

Internet Security Threat Report

The Symantec Internet Security Threat Report offers analysis and discussion of threat activity over a six-month period. It covers Internet attacks, vulnerabilities, malicious code, phishing, spam and security risks as well as future trends. The thirteenth version of the report, released April 8, 2008, is now available.

Internet Security Threat Report Volume XIII: April, 2008

Executive Summary: April, 2008

Threat Report X

Volume XIII Highlights

Attackers have adopted stealth tactics that prey on end users on individual computers via the World Wide Web, rather than attempting high-volume broadcast attacks to penetrate networks. This may be because enterprise network attacks are now more likely to be discovered and shut down, whereas specifically targeted malicious activity on end-user computers and/or web-sites is less likely to be detected. Site-specific vulnerabilities are perhaps the most telling indication of this trend.

Site-specific vulnerabilities affect custom or proprietary web-site code. These vulnerabilities are a concern because they allow attackers to compromise specific web-sites, which can then be used to launch subsequent attacks. Social networking sites are a favorite target, as a successful compromise gives attackers access to a large number of people who are likely to trust the site. These sites often expose confidential user information that can then be used in attempts to conduct identity theft or online fraud.

Site-specific Vulnerabilities

Table 1. Site-specific Vulnerabilities
Source: Symantec CorporationDuring the last six months of 2007, 11,253 site-specific cross-site scripting vulnerabilities were documented, compared to 6,961 between February and June in the first half of the year.

Featured Media

Webcast: Internet Security Threat Report Volume XIII

Regional & Industry Reports

The following reports provide in-depth analysis on regional and government sector threat activity:

Podcasts

Podcasts on the Internet Security Threat Report, Vol. XIII:

ISTR XIII - Key Findings
An overview of the threats and trends covered in Symantec's latest Internet Security Threat Report and offers strategies for mitigation. Listen now

ISTR XIII - Maturation of Underground Economy Servers
Symantec's discussion on underground economy servers - black market forums used by criminal organizations to advertise and trade stolen information and services. Listen now

ISTR XIII - Phishing Trends
Symantec assesses phishing according to two indicators: phishing attempts and phishing messages. A phishing attempt can be defined as an instance of a phishing message being sent to a single user. This podcast will cover phishing metrics, providing analysis and discussion of the data gathered by Symantec between July 1 and December 31, 2007. Listen now

Internet Security Threat Report Blog

Read what Symantec’s Security Response experts are writing about the latest issue of the Internet Security Threat Report

Archive

Download any of our past Internet Security Threat Reports.


Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2008 Symantec Corporation