Financial service firms experience the highest number of malicious virus attacks compared to other industries, with almost half (48%) recording at least one severe incident in the six-month period from July to December 2003, according to research by Internet security systems vendor Symantec.
Symantec's Internet Security Threat Report reveals that attacks on financial sector companies are four times greater than in the telecommunications industry.
According to the research, threats to confidentiality are rapidly increasing, with a 148% growth in volume of malicious code submission. While older threats compromised security by exporting random documents, more recent viruses and blended threats also extract passwords, decryption keys and logged keystrokes.
Blended threats - like Blaster, Welchia, SoBig.F and Dumaru - make up 54% of the top 10 submissions for the last six months of 2003.
These variants are increasingly using backdoors left by other attackers in order to gain control of a target system. Symatec research shows that almost one third of all attacking systems targeted the vulnerability exploited by the Blaster worm and its successors.
In the financial sector, ATM vendor Diebold was forced to shut down a number of cash machines in December after they were attacked by the Nachi worm, which was created to clean up after the Blaster worm and to spread through holes in Windows XP, 2000, NT and Server 2003.
Symantec's technical services director, Richard Archdeacon, says patch management continues to be critical but financial organisations are struggling to keep patch levels up-to-date.
According to US banking collective Bits, the cost of software vulnerabilities and patch management to the financial services industry is approaching $1 billion annually.
In August last year, the Blaster worm forced Nordea to close 80 branches as the Scandianvian bank lost a race to implement patches across its network.
Research released by MessageLabs in November showed that financial services firms are now the main adopters of managed e-mail security services. The firm said 400 financial firms were using its e-mail security services to protect against viruses and spam.