Symantec warns: New threat is data theft, not network disruption

Electronic security vendor Symantec says it has seen a rise in malicious code—including viruses, worms, and trojans—targeted at enterprises.

"Threats are aimed at specific enterprises with fraud or theft of confidential information in mind," says Dean Turner, executive editor of Symantec's recently published Internet Security Threat Report.

Given the motive, it's not surprising that much of this activity has made use of so-called trojans, says Turner. A trojan is a file that seems to be desirable but, in fact, is malicious. In a targeted attack, a trojan could enter through a browser or email, sitting quietly on a PC "host" collecting data such as passwords, account information, or even customer or price lists. Stealth is the aim in such attacks, adds Turner, rather than disruption.

"They want this malicious code to be low and slow," he says. "The longer it stays on the network, the more information it can capture to be used for financial gain."

Overall, Symantec saw an 18-percent rise in previously unseen malicious code from January to June 2006, as covered by its latest report. Previously unseen code is defined as distinct malicious code threats detected by Symantec for the first time. Symantec also notes a rise in malicious code that ends up on client-side applications such as office productivity software, says Turner, though he is unaware of trojans ending up on ERP system clients.

A layered approach to data security is the best defense against malicious code, says Turner, including intrusion-prevention systems to supplement firewalls at the network level, but also intrusion detection and antivirus software for all computers that connect to the corporate network. "When we talk about multilayered defense, you also need security solutions on the individual hosts—especially on laptops."