“Symantec Falters on Weak Antivirus Sales” plus 1 more

Symantec Falters on Weak Antivirus Sales

Posted: 18 Aug 2010 12:13 PM PDT

Symantec(SYMC) has seen steep recent declines in profit margins for its Norton antivirus software business.

Symantec competes with McAfee(MFE), CA Technologies, AVG, TrendMicro and Kaspersky Labs in the antivirus software market. In Symantec's second-quarter earnings report, management noted that margins had suffered due to the growing proportion of its low-priced PC tools product in the sales mix. Symantec also incurred substantial costs launching its new eCommerce platform. Finally, rising competition is forcing Symantec to pay higher fees to computer manufacturers that install its antivirus software on new PCs. Based on all these factors, we have reduced the Trefis price estimate for Symantec's stock from $24.06 to $22.33. Our estimate incorporates Symantec's recent purchase of VeriSign's SSL/authentication business, valued at $1.28 billion. Our analysis follows below. Norton Antivirus software constitutes 29% of our price estimate for Symantec's stock. Norton's EBITDA margins on antivirus software sales declined from around 48% in 2008 to around 39% in the second quarter of 2010. We expect this margin slide to continue, reaching 32% by the end of the Trefis forecast period. If antivirus margins decline faster than we expect and reach 25% by 2016, there could be a downside of 5% to our price estimate for Symantec's stock . You can drag the trend-line in the chart below to create your own EBITDA margin estimate for Norton's antivirus products and see how it impacts the company's stock price. Here's why Norton's antivirus software margins have declined:

Rising OEM fees: Symantec's main competitor, McAfee, has been winning partnership deals with leading PC manufacturers like HP(HPQ), Dell(DELL), Acer, Sony and Toshiba. McAfee won these deals, in large part, by increasing the fees that it pays manufacturers to install its software on new PCs. As a result, computer makers have been able to extract higher fees from Symantec as well, which squeezes its margins.
Higher mix of lower-priced PC Tools: PC Tools is a low-price, low-margin antivirus product that Symantec markets heavily in price-sensitive markets like Asia. According to management, PC tools business grew by double digits in the second quarter of 2010 compared to the year-ago quarter. The growing proportion of PC Tools sales in Symantec's overall sales mix has tended to squeeze profit margins.
E-commerce launch: Symantec recently launched an e-commerce platform that it built in-house. Management states that although initial results have been encouraging, the platform has incurred significant direct costs due to fees charged by credit card companies.

Trefis vs. Market

Our $22.33 estimate for Symantec's stock price is significantly higher than the current market price of $12.34. Here are some factors that contribute to our more bullish outlook: Symantec gaining share in the storage software market: Symantec's share of the storage-software market grew from 17.5% in 2007 to 19% in 2009. We currently expect this share to reach 21% by the end of the Trefis forecast period. However, if Symantec's share of this market were to decline to around 14% by 2016, there could be 15% downside to our price estimate for Symantec's stock. Globally, the storage software market grew from $9.2 billion in 2005 to $11.8 billion in 2009. We currently expect this market to total $16 billion by the end of the Trefis forecast period. However, there could be 15% downside to the $22.33 Trefis price estimate for Symantec's stock if the storage software market grows more slowly than we expect, reaching $11 billion by the end of our forecast period. Symantec's consumer antivirus share is declining slowly: Symantec's market share decreased from 57% in 2007 to 52% in 2009. Our estimate incorporates the expectation that Symantec's market share will decline to 46% by the end of the Trefis forecast period. If the decline exceeds our expectations, reaching 28% by 2016, there could be a 20% downside to our stock price estimate. You can see the complete $22.33 Trefis Price estimate for Symantec's stock here .

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php
Five Filters featured article: "Peace Envoy" Blair Gets an Easy Ride in the Independent.

Scareware Using Bing Results To Expand Attack

Posted: 18 Aug 2010 09:43 AM PDT

Mass rogue antivirus campaign tricking search engines to return malicious links using results from Microsoft's search engine.

A new scareware attack serving rogue antivirus advertisements has been targeting Swiss and Dutch websites. Interestingly, the attack uses a novel technique to lure search engine users: it relies on Bing search results to say relevant.

On Friday, Dancho Danchev, an independent security consultant based in the Netherlands, blogged that he'd been tracking "a blackhat SEO campaign that's persistently compromising legitimate sites within small ISPs in the Netherlands and Switzerland, for scareware-serving purposes."

He said, "Although this beneath-the-radar-targeting approach is nothing new, it once again emphasizes a well-proven mentality within the cybercrime ecosystem." Namely, target "hundreds of thousands of low-profile sites," using them to poison search engine results with fake links, and attackers can generate more traffic to those links than if they'd targeted more high-profile and better-secured websites.

Typically, these rogue antivirus -- or as Google calls it, fake AV -- campaigns infect numerous websites as fast possible, before the search engine operators catch on, and this attack was no exception. "In many cases we were looking at mass compromises where a server hosting hundreds of websites was compromised," blogged Bojan Zdrnja, at the SANS Internet Storm Center, on Tuesday.

He said the new attack resembles rogue AV campaigns seen this past June and July, in which attackers infected all PHP files on a targeted website. This attack, however, only places a single, master PHP script -- often dubbed "page.php" or "wp-page.php" -- which then "phones home" for further instructions and downloads additional PHP scripts as required.

Whenever a search engine crawler indexes an infected website, the master script takes the keyword sought by the crawler and requests the top 50 results for that keyword from Bing. The master script massages the Bing results, strips out any JavaScript, again phones home -- receiving 100 links to other compromised websites -- and uses the Bing results and links to create an index.html page, which it returns to the web crawler.

Interestingly, the master script also hides itself, refusing to display if accessed directly. Instead, it only responds to web crawler requests, or to referrers, meaning someone clicked on a rogue AV link in search engine results. At that point, "the browser is redirected to a third site -- and possibly fourth -- that displays the infamous RogueAV warnings," said Zdrnja.

He said this attack is an obvious improvement on prior versions. "Yesterday I checked Google and I was able to find thousands of poisoned results pointing to such compromised websites," he wrote on Tuesday. "While the search engine operators do a lot of work to prevent poisoning like this, it is clear that the bad guys are not resting either and that they are developing new poisoning techniques constantly."

Now that server virtualization is widespread, can we leverage it to make true business continuity a reality--or at least make recovering from disaster faster and less expensive? Download our report here (registration required).

AntiVirus Free

Thursday, August 19, 2010