Symantec ISTR XVI brief: the internet has a lot of bad people


If there ever was a time you thought the internet was a place where unicorns prance around without a care, you’re in for a rude shock. Symantec shared its 16th ISTR (Internet Security Threat Report) with members of the media yesterday, and the report highlights worrying trends in this series of tubes we call the internet.

Aside from the regular threats – more targeted attacks with more sophisticated coding – probably the most worrying threat that’s hitting close to home is the spread of malicious code through the use of social networks.

Hackers and other malicious coders have embraced the rise of Facebook and Twitter wholeheartedly and have used both as a base to deliver their payloads. They use attacks specially tailored to a target, using the marks’ own data against them. Once an account is successfully attacked, they leverage news feeds to spread spam, scams and other attacks.


For Twitter, the attackers use shortened URLs to hide malicious links. According to the ISTR, 73% of these were clicked 11 times or more when compared to longer URLs.

Another worrying threat on the rise is mobile attacks. With smartphones fast approaching regular PCs in computing power, it only makes sense that attacks on the different platforms will continue to grow. Mobile vulnerabilities are climbing steadily, from 115 vulnerabilities in 2009 to 163 in 2010, a 42% increase. Symantec wouldn’t say it, but it seems that the Android platform is more vulnerable to attacks simply because of its nature. The open system and loose development guidelines mean that it’s easier to develop and publish malicious programs masquerading as legitimate software.

So how can you protect yourself? The easiest and best way is to practice a hefty amount of common sense. If you see links or application invites posted on your wall by friends that are out of character for them or were sent en masse to their other contacts, that’s already a red flag. Same thing for FB chat: if a friend you don’t talk to that often suddenly pops in with a link to visit, ask them about it through a PM. For Twitter, be careful about the links you visit, especially shortened ones. Don’t go clicking on everything you see, especially links that promise scandalous videos, like the recent Lady Gaga Twitter scam. Finally, make sure to invest in a good anti-virus software solution, like Symantec, and make sure it’s always updated.