A rash of fast-spreading worms is being blamed for a more than tenfold increase in the number of security events on the Internet in the first three months of this year. The number of confirmed attacks and incidents was also up 37 percent over those in the fourth quarter of 2002, according to a new report released by Internet Security Systems Inc.
There was a bit of good news last quarter, however small. The number of new vulnerabilities recorded by ISS was 606, down from 644 in the last three months of 2002.
One interesting wrinkle arising from the report is the revelation that the number of new exploits was considerably higher than the number of vulnerabilities discovered during the first quarter. This is a clear indication that attackers are not simply waiting for new flaws to be exposed—theyre actively seeking out and exploiting unknown vulnerabilities themselves.
But the real story of the early part of 2003 has been the number of worms that have been unleashed on the Internet. The most troublesome of the lot was the SQL Slammer, which attacked servers running Microsoft Corp.s SQL Server 2000 database software. The worm exploited a vulnerability for which Microsoft had released a patch six months earlier, but it still succeeded in infecting more than tens of thousands of machines in less than 10 minutes in late January.
But Slammer was only the beginning. Several other less successful but equally annoying worms also made their debuts during the first quarter. Deloder and a new version of Lovgate both hit the Web in March, as did Code Red.F. In addition to generating a tremendous amount of network traffic as they propagate, both Deloder and Code Red.F install back doors on infected machines, leaving machines vulnerable to future manipulation by attackers.
“The large increase in mass-mailing, highly persistent worms and security events indicates that this year will be challenging for security officers and administrators around the world. These levels are consistent with our forecasts that show a steady amount of malicious activity on the Internet throughout 2003,” said Chris Rouland, director of ISS X-Force security research team. “Hackers, criminals and hacktivists continue to disrupt services, commit online theft, and cause outages across the Internet by exploiting unprotected computers, especially by focusing their activities on critical and widely-deployed systems and infrastructure.”
ISS compiles its quarterly statistics, known as the Internet Risk Impact Summary Report, by culling data from more than 400 intrusion detection sensors installed at customer sites. The full report will be released Monday.
Latest Security News:
Search for more stories by Dennis Fisher.
Find white papers on security.
(Editors Note: This story has been modified since its original posting to correct a statistical error in the ISS report.)