SYMANTEC ENTERPRISE SECURITY
Symantec Internet Security
Threat Report
Trends for January 06–June 06
Volume X, Published September 2006
Dean Turner
Executive Editor
Symantec Security Response
Stephen Entwisle
Editor
Symantec Security Response
Marc Fossi
Analyst—DeepSight Threat Analyst
Symantec Security Response
Joseph Blackbird
Analyst—Assoc. Software Engineer
Symantec Security Response
David McKinney
Analyst—Manager Software Engineering
Symantec Security Response
Tony Conneff
Analyst—Development Manager
Symantec Security Response
Ollie Whitehouse
Technical Advisor—Security Architect
Symantec Security Response
Contributors
Dave Cole
Director, Product Management
Symantec Security Response
Peter Szor
Security Architect
Symantec Security Response
Peter Ferrie
Sr. Principal Software Engineer
Symantec Security Response
David Cowings
Sr. Business Intelligence Manager
Symantec Business Intelligence
Dylan Morss
Principal Business Intelligence Manager
Symantec Business Intelligence
Scott Carlton
Manager, IT Operations
Product Operations
Igor Moochnick
Sr. Software Engineer
Instant Messaging Security
September 25, 2006
A message from the Executive Editor
On January 28, 2002, the first Internet Security Threat Report was published by Riptech, a Managed
Security Services company that was acquired by Symantec in July 2002. At a little over 33 pages, the
initial Internet Security Threat Report was one of the first reports to summarize and analyze network
attack trends in a single, comprehensive document. The premiere issue was based on data captured by
Riptech’s firewall and intrusion detection systems, which the company’s analysts used to produce a
first-of-its kind report on attack trends. In that first issue, Code Red and Nimda dominated the threat
landscape and large blended threats and perimeter attacks were the attackers’ modus operandi.
Since that first report, much has changed. Large Internet worms targeting everything and everyone
have given way to smaller, more targeted attacks focusing on fraud, data theft, and cri