Symantec, a major Net security company, has published a report on Internet security threats of 2011. It’s an interesting snapshot of trends and statistics that makes sobering reading, along with a few eyebrow-raising surprises. Here are some of its highlights:

  • A dangerous new trend among criminals is using shortened URLs to distribute and disguise spam and phishing attacks. These links are conveniently provided by numerous websites to handily replace lengthy strings in addresses, but where they actually point to may be hard to guess. Users are advised to use preview tools to check them out before clicking.
  • Social media sites, especially Facebook, have been cleverly used to spread links to infected sites by crooks taking advantage of people’s expectations and profiles. People using social networking sites are cautioned to be careful about what personal information they post, and when clicking on URLs in email or posted on social media sites even when they come from friends or trusted sources.
  • Macs are not immune: the first Mac-based botnet occurred in 2009. New threats emerged in 2011, including Mac Defender, a fake antivirus program that installs itself without permission.
  • Symantec claims to have identified 4,989 new computer vulnerabilities in just 2011. However, the number of new problems with popular browsers has decreased slightly, Google Chrome having the most dramatic reduction.
  • The amount of spam is actually decreasing, from over 88% of all email in 2010 down to 68% by the end of 2011. Apparently much of the reduction was due to the seizure of the Rustock botnet, which generated huge amounts of pharmaceutical spam, which went down from 74% of all spam to only 40%.
  • Phishing is still on the increase however using email to lure users to bad websites, from 1 in 298 emails to 1 in 442 in the same period.
  • Phishing attempts proved to be highly uneven; surprisingly it’s the biggest and smallest firms are the most targeted. The largest companies, with over 2,500 employees attracted 50%, and the smallest companies with 250 workers or less attracting 18%. People most frequently targeted were executives (25%) and those who shared mailboxes (23%).
  • In 2011, a full quarter of all email attack campaigns were focused on the government and public sector, with manufacturing and finance next.
  • The most dangerously infected websites with malware are
    1. Blogs and Web forums
    2. Web-hosting and personal hosted sites
    3. Business/Economy
    4. Shopping
    5. Education and Reference

Several other surprising things should be noted:

  • 61% of malicious sites are regular websites that have been compromised or somehow infected with malicious code.
  • Religious and ideological sites have 3 times the number of threats than sites hosting adult pornography. In fact commercial porn sites are some the safest sites around. 19.8% of all blogs are infected, compared to only 2.4% of adult entertainment sites.