Cyber crime spreads its viruses

“It was a very good year for the cyber criminal”. That is the depressing conclusion given by Guy Bunker, chief scientist at Symantec, on the basis of his company’s Internet Security Threat Report for EMEA 2008. “They had a productive time, creating 60 per cent of all known malware in one year.”

This explosion in activity reflects the commercialisation of Internet attacks, with the origins moving from amateur hackers to organised crime. Even the basic components are now being sold like legitimate products. “One of the phishing toolkits is responsible for 14 per cent of all phishing on its own,” notes Bunker. It can be bought for a couple of dollars.

“People leave their computers on all the time with broadband. That becomes a valuable asset to cyber criminals who seize computing power,” he says. One advantage for criminals of this usage pattern is the ability to send millions of phishing emails from a single hijacked system, rather than having to gain control of multiple computers.

There were some successes in the battle against Internet fraud. The closure of a number of “cyber crime-friendly” ISPs led to a decrease of between 50 and 70 per cent in overall spam volumes. But new hubs for criminal Net activity have developed in Russia, Poland and Brazil from where attacks can be launched remotely.

The UK suffers most from the use of back doors and Trojans, something Bunker puts down to the way cyber criminals look for vulnerabilities and then exploit them rigorously until they are closed. “They will use a technique in one region, then when it gets shut down, they move onto somewhere else,” he says.

Patches are usually developed in less than one week from detection of a worm or virus. With the explosion in multi-media online, however, it has become easier for cyber criminals to get Net users to download an attachment without checking it. Many users of computers in the workplace switch off anti-virus software in order to enable their access to such content, thereby leaving themselves open to attack.

Last year’s Brisv worm modified multimedia files to open malicious URLs in this way and was the top new piece of malware reported in 2008. Worryingly, 87 per cent of confidential information threats had remote access capabilities, although this was down from 94 per cent in 2007.

“Companies need to review their security policies to ensure people can’t switch off anti-virus applications and create vulnerabilities. The other thing they need to look at is smart phones,” adds Bunker.

“A lot of computers have Web-enabled applications that give access to smart phones. If you run a report on your top 100 customers and their credit card details using that device, that is of very high value for cyber criminals,” says Bunker. Blackberries and iPhones could be compromising corporate firewalls.

To assess Internet security risks, Symantec monitors 750,000 servers in 200 countries, allowing it to watch how a partcular technique gets adopted from one country into another. Often the initial attack is trialled in a remote locaion, such as Peru, in the hope of testing it band then rolliing out before a security patch gets written.

The scale of the effort being applied to online criminal activity is sometimes bewildering. According to Bunker, 60 per cent of all the software written in Windows is malicious. “We use behavioural analysis to look at what an application is trying to do when it is installed,” he says. As soon as it acts improperly, such as linking to a phishing site, it is identified as malware and a security patch gets developed.

Looking at the trends for this year, Bunker believes it will prove to be a bumper one for cyber criminals. “Consumers in a down economy are looking to save money. Where do they go to do that? The Internet. That is what cyber criminals are planning to do, too – putting up offers to lure people in,” he warns.

Latest from Marketing Week


Access Marketing Week’s wealth of insight, analysis and opinion that will help you do your job better.

Register and receive the best content from the only UK title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work. The more we know about our visitors, the better and more relevant content we can provide for them. And, yes, knowing our audience better helps us find commercial partners too. Don't worry, we won't share your information with other parties, unless you give us permission to do so.

Register now


Our award winning editorial team (PPA Digital Brand of the Year) ask the big questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.


From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we are your guide.


Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Having problems?

Contact us on +44 (0)20 7292 3703 or email

If you are looking for our Jobs site, please click here