Networks of computers that are exploited by spammers and hackers to forward junk e-mail and viruses without the knowledge of the PC user, known as bot networks, are on the increase, according to anti-virus firm Symantec.

A bot (short for 'robot') is a program that is covertly installed on a targeted system, allowing an unauthorised user to remotely control the computer for a wide variety of purposes. A co-ordinated group of bot-controlled systems forms a bot network, which is used to increase the speed and breadth of attacks.

In the last six months, Symantec's average daily number of monitored bots has grown from under 2,000 to more than 30,000, peaking at 75,000 in one day.

Symantec warns that bot networks create unique problems for business, as they can be remotely upgraded with new exploits very quickly, which could potentially allow attackers to outpace an organisation's security efforts to patch vulnerable systems.

Patching is itself becoming more difficult, according to the report, which found that the time between the announcement of a vulnerability and the release of associated exploit code had reduced to an average of just 5.8 days.

The number of vulnerabilities within systems had also increased, with Symantec documenting more than 1,237 new vulnerabilities between 1st January and 30th June, 2004, an average of 48 new vulnerabilities per week.

The report found that internet attacks were greatest against e-commerce, which suffered 16% of all attacks – a 400% increase on the previous six months.

This rise, says Symantec, may indicate a shift from attacks motivated by notoriety to attacks motivated by economic gain, a possibility that is strengthened by an increase in phishing scams and spyware, which are designed to steal confidential information and pass it along to attackers.

Small businesses were the second highest target for hackers, but internet attacks in general are decreasing, according to the report.

"As this latest Internet Security Threat Report demonstrates, exploits are being created more easily and faster than ever, while attackers are launching more sophisticated attacks for financial gain," said Arthur Wong, vice president, Symantec Security Response and Managed Security Services.

"Software vulnerabilities and targeted attacks remain a primary area of concern for organisations and individuals," he warned.

In the future, Symantec predicts that bot networks will employ increasingly sophisticated methods of control and attack synchronisation that are difficult to detect and locate. The firm also expects to see instances of port knocking, a method attackers may use to open closed ports on potential target systems.

The anti-virus firm expects that recent Linux and BSD vulnerabilities will be used in exploit-based worms in the near future and that there will be more attempts to exploit mobile devices. (BSD originally stood for Berkeley Software Distribution and refers to a version of the Unix operating system.)
