Symantec's Dublin security response centre monitors the world's networks and computers for ever-increasing threats, writes Karlin Lillington
At 10 minutes to nine each morning, seven days a week, a phone call from Tokyo comes in to computer and network security company Symantec's Dublin operations at Ballycoolin Business Park.
The Tokyo security response centre, which has been monitoring computers and networks for viruses, worms, phishing, denial of service (DoS) attacks and other "malware" and hacker nasties during the previous eight-hour Japanese workday, fills Dublin in on their day's work. And as the sun sets in the Far East and Japanese employees gather their belongings to head home to dinner, post-breakfast Ireland comes online as the company's digital security monitor for the next eight hours.
"At 9am the official responsibility for the world moves to Dublin. They own the world for the next eight hours. And at 10 to five, they ring the Santa Monica centre - and on it goes," says Kevin Hogan, senior manager at Symantec Security Response Ireland.
This "follow the sun" principle means that across Symantec's eight security response centres worldwide, someone, somewhere, is always watching for the next big threat or dismantling the code in existing malware to try to figure out a patch or a solution for a product or customer network.
Security of this sort has come a long way from the handful of viruses passed between computers on floppy disks or e-mail in the early days of the internet and desktop computing. These days, Symantec receives 200,000 malware submissions a month from computer users. Virus-infected spam and phishing attacks (fraudulent e-mails that try to winkle confidential information out of computer users) fill e-mail inboxes every day and the term "firewall" has become part of every computer user's vocabulary.
According to the company's latest version of its annual security report, some 2,249 new vulnerabilities to networks and computers were documented in the first half of 2006 - up 18 per cent on the previous six months.
The report is based on the work that comes out of response centres such as the one in Dublin, where - understandably for a building that deliberately harbours some of the most devastating malware around on the web - a stringent network lockdown is in place.
Visitors need to disable any device that could pick up a signal and hence accidentally receive an internet-carried bit of malware.
Computers must be left in a locker room and even little USB thumb drives are forbidden.
Pass through another set of security doors, and all around are programmers sitting at PCs or fiddling with electronic devices as they attempt to decode viruses, hack into pieces of equipment themselves to find weak points, and write the patches that customers will eventually download into their virus definitions and defences.
According to Dave Cole, director of Symantec Security Response Ireland, most of the attacks these days are moving away from company networks and operating systems and on to the web. "As the network has been increasingly locked down, what attackers have been doing is using website or browser vulnerabilities," he says.
The nature of attacks is changing, too. Where once attackers sent out "mass-mailer" viruses with names we all came, unhappily, to know - Loveletter, Melissa, Nimda, Klez - these days such high-profile "see what I did" show-off attacks are giving way to silent and surreptitious attacks where computers may be taken over, monitored and used to send out further attacks on individual or corporate PCs - all without the user's knowledge.
Attacks often come in the form of malicious but unnoticed code embedded in a webpage the unwary visit when they click through on a seemingly legitimate advertisement or e-mail.
Symantec says modern malware increasingly cannot be classified into a single species either.
Increasingly, a computer user doesn't simply get a virus, worm, malicious script or a redirect to a website but a combination of several of these, which security experts call "threat convergence".
And then there are the new, strange creatures such as "splogs" - spam left in the comment sections of weblogs, or "blogs" - which often have links to spoof sites or sites with malicious code.
New types of website and new devices also create opportunities for new forms of exploitation, says Cole. For example, complex sites that allow people to add lots of content themselves, such as MySpace, may enable new threats.
"Rich functionality can be exploited," he says. "The bad point is that there's lots of opportunities for malware." Theoretically, mobiles and gaming devices can be exploited, though to date - perhaps surprisingly - little has been done. But again, as devices converge and gain new types of functionality, new opportunities for exploits are created.
"It's a really interesting time for us engineers," says Eric Chien, chief researcher at Symantec security response. "The bad guys are finding some very complex ways to hide themselves."
Symantec's security report
Most frequently attacked browser
Microsoft's Internet Explorer (IE) draws 47 per cent of all attacks. Mozilla open-source browsers had the most bugs though, rising from 17 to 47, while IE jumped from 25 to 38 and Apple's Safari doubled from six to 12.
Mozilla bugs were patched the fastest, on average within one day, while Microsoft took 10 days to patch IE vulnerabilities (down from 25) and Apple took five days to patch Safari bugs.
New threats
Symantec logged 2,249 new threats in the first six months of the year, up 18 per cent from the last six months of 2005.
Most of these, 69 per cent, were web application vulnerabilities and 78 per cent target Windows applications.
Malicious code threats
Some 18 per cent of threats captured in Symantec's "honey pot" system - where computers are deliberately left open to attack - were completely new.
Of the top malicious code samples, 38 were worms and 30 exposed confidential information. There were 6,784 new Windows viruses and worms.
Phishing
In the first half of 2006, Symantec documented 157,477 unique phishing messages, up 81 per cent on the previous six months.
Spam
Spam rose by 50 per cent, with spam messages constituting 54 per cent of all monitored e-mail traffic. The US is the source of 58 per cent of all spam posts.