Symantec Report Bares Internet Threats

 
 
By Dennis Fisher  |  Posted 2004-03-22

While the number of vulnerabilities found in software essentially has plateaued, the flaws are increasingly easy to exploit and, more often than not, quite severe, according to a new report.

As bad as the vulnerability problem is, the virus plague currently tormenting Internet users may well be worse. In the second half of last year, there were 250 percent more new Windows viruses discovered than in the same period in 2002, the report shows—a total of 1,702 new Win32 viruses.
Worms, however, beat out their virus cousins as the most common source of attack activity, according to the Internet Security Threat Report, released by Symantec Corp. Together, worms and blended threats accounted for 43 percent of all of the attack traffic detected by Symantec's DeepSight Threat Management System sensors.

"That's a continuation of what we've seen in past years, and it's likely to continue that way for some time," said Vincent Weafer, senior director of Security Response at Symantec, based in Cupertino, Calif. "No surprise there."

Another entry in the "no surprise" category is the state of software security. Of the more than 2,600 new vulnerabilities discovered in all of last year, 70 percent were easy to exploit—meaning that either they didn't require exploit code or that code was readily available. Symantec analysts also found that, overall, the volume of exploit code available on the Internet is increasing.

Among the blended threats from last year, Bugbear was the most prevalent, Symantec said. The Blaster worm, which hammered the Internet last August and still continues to cause trouble in some quarters, came in second, with SoBig.F, Redlof and Swen rounding out the top five. Many of these threats, including Blaster and SoBig.F, install a back door as part of their infection process. Symantec's analysts found that attackers who write other threats are including functionality in their worms and viruses that scan for and then exploit these back doors. Often, such compromised machines are used later in distributed denial-of-service attacks.

This trend has continued into 2004, with worms such as MyDoom installing back doors and others, including Doomjuice, seeking out PCs infected by MyDoom and sneaking in through the open back door.

Symantec produces its Internet Security Threat Report every six months using data collected by its DeepSight sensors deployed in enterprises and other large organizations.
