NEW YORK: Home computers are increasingly becoming targets of hackers, according to security software vendor Symantec Corporation. The firm, in its semiannual study of internet threat trends, said intruders are using web browsers and desktop tools to sabotage home computers with the malicious intention of obtaining sensitive data like credit card numbers and bank account information.
Home PCs are considered the weakest link in internet security systems because many home PC users do not care about using security systems and anti-virus tools, making such systems easy targets for the criminals, said Symantec. The intention of such attackers these days is easy money and not any more the lofty principles of taking up a technical challenge or demonstrating how vulnerable a software system is, the firm said.
The conclusions are based on data collected by Symantec through its Global intelligence network, which uses over 40,000 sensors monitoring network activity in over 180 countries. It also gathered information from some 120 million client, server and gateway systems using Symantec products.
Symantec said the attackers have also enhanced their targets by including more number of financial services firms in their hit list. These firms constitute 14 per cent of target attacks in the first six months of 2006, which is up from 4 per cent in the previous six months.
However, as much as 86 per cent of targeted attacks -- excluding virus attacks -- were aimed at home PC users in the first six months of 2006, the company said. In the second half of 2005, this percentage was 93.
Alfred Huger, Symantec's senior director of engineering for Symantec Security Response, said hackers have become more efficient in entering machines.
The increasing prevalence of such attacks and their success rates obviously lead to a lack of confidence in online systems -- banking purchases, etc.--, said Huger. This could cause severe economic consequences, he cautioned.
The hackers are now exploiting the vulnerabilities found in browsers and other desktop tools, almost giving up their traditional use of emails to access a compromised system, Huger said, adding file readers, music players and graphic viewers are their new tools for entry.
The study revealed that Microsoft's Internet Explorer was the most frequently targeted browser, accounting for 47 per cent of all browser attacks.
United States suffered the largest number of denial of service attacks -- 54 per cent of the total worldwide. The U.S. also accounted for the largest number of attack origin, 37 per cent of the global total.
Symantec said it documented 2,249 new software vulnerabilities during the six-month period -- the highest number ever recorded. Of these, 69 per cent were in web applications. There were 47 flaws found in the Mozilla Firefox and Mozilla browsers, which is up from 17 flaws during the previous six months. Internet Explorer had 38, up from 25 in the earlier period. Apple Computer Inc.'s Safari browser had 12 flaws, up from six.
Hackers used a strategy called social engineering to entice staff members in financial services firms to visit websites or download programs. The persuasion is carried out by people, pretending to be colleagues and peers. Once they visit such sites, malicious programs on these sites get into the systems they use, which finally pave the way into the corporate network. This is a low-tech strategy that has been found to be effective in circumventing the high-tech preventive measures deployed by the firms, Symantec said.
During the first six months of 2006, Symantec cataloged 157,477 different phishing messages, up 81 per cent from 86,906 six months earlier. Spam messages increased to 54 per cent of all email traffic from 50 per cent in the earlier period.
