Cyber Criminals Become More Professional

CUPERTINO, Calif. -- The latest Internet Security ThreatReport (ISTR), Volume XII released today by Symantec Corp. (Nasdaq: SYMC)concludes that cyber criminals are increasingly becoming more professional -even commercial - in the development, distribution and use of malicious codeand services. While cybercrime continues to be driven by financial gain,cyber criminals are now utilizing more professional attack methods, toolsand strategies to conduct malicious activity.

"As the global cyber threat continues to grow, it has never been moreimportant to remain vigilant and informed on the evolving threat landscape,"said Dan Lohrmann, chief information security officer, State of Michigan."Symantec's Internet Security Threat Report continues to provide us withcritical information on the most current online security trends, helping usbetter protect our state's infrastructure and citizen information."

During the reporting period of Jan. 1, 2007, through June 30, 2007, Symantecdetected an increase in cyber criminals leveraging sophisticated toolkits tocarry out malicious attacks. One example of this strategy was MPack, aprofessionally developed toolkit sold in the underground economy. Oncepurchased, attackers could deploy MPack's collection of software componentsto install malicious code on thousands of computers around the world andthen monitor the success of the attack through various metrics on itsonline, password protected control and management console. MPack alsoexemplifies a coordinated attack, which Symantec reported as a growing trendin the previous volume of the ISTR where cyber criminals deploy acombination of malicious activity.

Phishing toolkits, which are a series of scripts that allow an attacker toautomatically set up phishing Web sites that spoof legitimate Web sites, arealso available for professional and commercial cybercrime. The top threemost widely used phishing toolkits were responsible for 42 percent of allphishing attacks detected during the reporting period.

"In the last several Internet Security Threat Reports, Symantec discussed asignificant shift in attackers motivated from fame to fortune," said ArthurWong, senior vice president, Symantec Security Response and ManagedServices. "The Internet threats and malicious activity we are currentlytracking demonstrate that hackers are taking this trend to the next level bymaking cybercrime their actual profession, and they are employingbusiness-like practices to successfully accomplish this goal."

Symantec Corp. (Nasdaq: SYMC)