Malicious software threat rose in 2007: Symantec
The Canadian Press
Published Tuesday, April 8, 2008 7:08PM EDT
MONTREAL - Customers of the country's largest Internet service provider, Bell Canada, were hit by 17 per cent of the computer viruses, spam and other so-called "malicious activity'' tracked in Canada during the last half of 2007 by cyber-security firm Symantec Inc.
A spokesman for Symantec, producer of the widely used Norton Antivirus software, said it's not surprising that Bell's customers were either knowingly or unknowingly accounted for the largest portion of "malicious'' or "undesirable'' activity.
"Honestly, I think it's just because they (Bell) are the biggest target,'' said Dean Turner, Calgary-based director of Symantec's Global Intelligence Network. "They have the largest percentage of broadband users in Canada at 24 per cent.''
Bell Canada (TSX:BCE) spokesman Jason Laszlo said the telecom company, which is one of Symantec's largest Canadian customers, has reviewed the study and rejects its findings.
"We flat-out refuse to accept these statistics as valid,'' Laszlo said. "And if Symantec is not able to properly substantiate these claims, we will demand that they withdraw and amend their findings.''
Laszlo said Symantec hasn't disclosed how it came to these results and they're "in stark contradiction to what we know to be true.''
He added that Bell takes steps to protect its network.
"We develop and implement more protective network measures than any other ISP in Canada, which leads to excellent results,'' Laszlo said.
Symantec conducts a twice-yearly global Internet security investigation. In the most recent study, released Tuesday, the company detected a whopping 711,912 new malicious code threats to the Internet in 2007, up dramatically from 125,243 in 2006.
The study named Canada the No. 9 hot spot for malicious activity, far behind the United States at No. 1.
About 16 per cent of malicious Internet traffic in Canada moved across Shaw Communications Inc.'s (TSX:SJR.B) network, making it the No. 2 carrier of bad code. Shaw did not comment immediately on the study.
Among other Canadian ISP providers Symatec found to be carrying malicious activity:
- Eight per cent of Canada's malicious Internet traffic ran through each of Canaca-Com Inc. and Cogeco (TSX:CGO)
- Five per cent was found on Crown corporation SaskTel's network
- Three per cent ran through each of Primus, Peer One and Rogers Communications (TSX:RCI.B)
- Two per cent ran across IWebtechnologies networks.
Turner said he doesn't blame service providers or Internet users, who often don't know this is going on.
"I would argue quite strongly that in the large network cases, the ISPs (Internet service providers) are the victims,'' he said.
"Can you imagine how hard it is for them to stop malicious activity?''
Turner acknowledged it's difficult to control the flow of viruses, scripts and other bugs without being heavy-handed.
"We would be very angry, I think, in a lot of ways if the ISPs were monitoring our traffic and sort of acting like Big Brother.''
The study also found that the No. 1 item for sale in the digital underground was fraudulently obtained access to bank accounts, illegally sold for between $10 to $1,000, depending on how much money they contained.
Turner said credit card numbers were sold by thieves for as a little as 40 cents if bought in bulk and stolen identities can be bought for between a buck and $15.
Much of the malicious activity was aimed at individual users, he said, who are now easier to target than networks or companies. It's geared to exploit their behaviour on the Internet, sometimes in the form of so-called "phishing attacks,'' which attempt to trick computer users into revealing financial information, and "bot'' attacks.''
Bot attacks, which include the dissemination of spam, earn their name by performing a wide variety of automated tasks, usually on behalf of cybercriminals located far away from their potential victims.
Turner suggested so-called "traffic shaping'' -- controversial measures used by some Internet providers to limit the use of bandwidth-heavy applications like file sharing -- could help stem the tide of bad code.
"The net side effect is that when traffic shaping takes place, there are things that ISPs can do to reduce levels of malicious activity but so can users,'' he said.
"Users have to assume responsibility for their actions. Some people will be unaware that they're computers are behaving badly while other people will be perfectly aware that their computers are behaving badly.''
"We know that peer-to-peer file sharing is one of the top five propagation mechanisms for malicious code -- viruses, worms, trojans,'' Turner said.
Bell recently decided to restrict the amount of file-sharing traffic flowing through its network during peak times.
"Network monitoring and managing can definitely reduce the threat by identifying sources of malicious software,'' Laszlo said.