Targeted, PDF Attacks On The Rise: Symantec Report

These and other trends are highlighted in the Symantec Internet Security Report Volume XV, released Tuesday, which illuminates major cybercrime trends throughout the entirety of 2009.

Security experts say that one of the most significant changes in the threatscape from previous years was that more malware originated from emerging countries, such as Brazil, India, Vietnam and Russia. In particular, Brazil displaced Germany as the third largest source of malware, while India rose from No. 11 to No. 5 in 2009.

Security experts said the shift in malicious activity could be attributed, in part, to the increasing rate of bandwidth adoption in populous countries such as India and China.

"We've been predicting the emerging players are becoming more prominent players," said Zulfikar Ramzan, technical director of Symantec security technology and response.

However, the U.S. still leads the pack as far as the amount of malware distributed over the Web, Ramzan said.

In addition, Ramzan said the Google Hydraq attack, which researchers first saw in 2009, indicates a rapidly accelerating trend of targeted attacks on the way in 2010. "It's going to be a sign of what's to come," he said. "All of the big companies get hundreds or thousands or tens of thousands of threats. What made this one interesting is that it targeted big companies and got through."

Specifically, the report found that attackers leverage the array of personal information available on social networking sites to create socially engineered attacks on specific individuals within targeted companies.

While targeted attacks are nothing new, what distinguishes this current trend is that attackers are now going after intellectual property, health-care data and other information -- not the typical credit card theft, Ramzan said.

The report also found that the underground economy has flourished and become more prominent. Unlike years past, cybercriminals don't need technological acumen but are increasingly outsourcing attack functions and relying on attack toolkits. "You don't need to have a complete set of skills in-house. You can outsource," Ramzan said.

As demand has increased, toolkits have become more affordable. Cybercriminals have access to one such toolkit, known as the Zeus Zbot, for around $700, which automates the process of creating, customizing and distributing malware designed to steal sensitive information.

Meanwhile, the report indicated that crimes exploiting vulnerabilities in PDF readers are on the rise, increasing from 11 percent to 49 percent of all malware attacks. Infected PDFs are frequently used as a hook to compel victims to download malware in targeted attacks, Ramzan said, adding that a "change of that nature was pretty drastic."

Ramzan said that attackers exploit vulnerabilities in the PDF reader itself, which subsequently infects all PDF attachments once they're opened.

"Getting a PDF attachment is a very normal thing. Your e-mail provider is not going to block every PDF that comes into your system," he said.

Finally, the report also found that malware continues to increase significantly, experiencing a 100 percent increase from 2008 with more than 240 million distinct new malicious programs, while in 2009, spam averaged 88 percent of all e-mail. Of the 107 billion spam messages distributed globally per day, 85 percent were sent via botnets.

"The bad guys realize if they have a botnet up and running, the more they can do to keep the botnet up and running the more money they can make off of it," said Ramzan.