Symantec Global internet Security threat report
Appendix B—Threat Activities Trends Methodologies
threat activity trends in this report are based on the analysis of data derived from the Symantec Global intelligence network, which includes the Symantec DeepSight threat Management System, Symantec Managed Security Services, the Symantec Honeypot network, and proprietary Symantec technologies. Symantec combines data derived from these sources for analysis.
Malicious activity by country
to determine the top countries for the “Malicious activity by country” metric, Symantec compiles geographical data on each type of malicious activity to be considered, namely: bot-infected computers, phishing website hosts, malicious code reports, spam zombies, and attack origin. the proportion of each activity originating in each country is then determined. the mean of the percentages of each malicious activity that originates in each country is calculated. this average determines the proportion of overall malicious activity that originates from the country in question and the rankings are determined by calculating the mean average of the proportion of these malicious activities that originated in each country.
to evaluate this metric, Symantec identifies each distinct attack delivered through the Web, hereafter referred to as Web-based attack, hosted on malicious websites that are detected by intrusion prevention technology. A Web-based attack is any attack that is carried out against a client-side application originating from the Web. Symantec determines the top Web-based attacks by determining the most common attacks carried out against users. Due to the nature of Web-based attacks, the total number of attacks carried out is a good measure of the success and popularity of the attack.
Each attack discussed targets a specific vulnerability or weakness in Web browsers or other client-side applications that process content originating from the Web. these attacks can vary in their delivery methods; some rely on misleading a user into downloading a malicious file, while others occur without any knowledge or interaction by the user.
Countries of origin for Web-based attacks
Symantec identifies the Web-based attacks by country by determining the geographic origin that conducts the attack on computers upon visiting a website. note that the server hosting the exploit may not necessarily be the same server that the user has visited due to redirection. A user could visit a website that redirects their Web browser to a malicious server in another country.