The New Attack Pattern

Opinion: Danger still lurks, but things have gotten a lot better for the average computer user.

Ive written many columns arguing that things are getting better for the average user over time, and I still feel that way. Its not just that the tools to protect yourself against attacks are becoming more accessible and affordable. The pattern of attacks by the malicious code crowd has changed.

Remember the widespread mass-mailer attacks of years ago? Those attacks are still out there and will be for a long time, but I doubt theyre infecting many new systems these days. And the mass network worm attacks like Sasser and Blaster are still in the background, but patched long ago, and no new vulnerabilities have emerged for a long time to allow such attacks.

/zimages/5/28571.gifeWEEK Labs says that Vista takes Security up a notch, but that the new features will have greater impact on consumers than corporations. Click here to read more.

In the meantime, defenses have shored up, especially in business. Effective network-level protection is cheap compared to the risks of not using it. Even a simple NAT box blocks a huge percentage of threats.

The pattern we began to see emerging in 2006 was the narrow, targeted attack. The old style of mass-bombardment of attacks appears to be a thing of the past. Its been over a year since we had a major Windows attack, Zotob if I remember correctly, and even that was not an all-timer. Even though it got a lot of ink, I still dont consider the WMF bug of a year ago to have been a major attack.

Zotob used the MS05-039 Plug-and-Play buffer overflow vulnerability to spread. There have been Windows vulnerabilities since then, but no widespread attacks based on them.

Instead a new pattern has emerged: Shortly after the monthly patch day, new zero-day attacks are discovered. Not widespread attacks, but narrowly targeted attacks against specific enterprises. A blog entry from Microsofts Security Response Center says that in the cases where they say that theyre aware of "very limited, targeted attacks," they are talking about a few, perhaps as few as one or two.

Next page: Vulnerabilities for hire