Every six months, Symantec Corporation issues an "Internet Security
Threat Report," summarizing trends as seen by that vendor.
The latest report, covering the first half of 2004, is now available at:
http://www.symantec.com/press/2004/n040920b.html
Some excerpts of note:
>Over the past six months, Symantec documented more than 4,496 new
>Windows viruses and worms (particularly Win32), more than 4.5 times
>the number in the same period in 2003.
>Adware is becoming more problematic, making up six of the top 50
>malicious code submissions.
>... the time between the announcement of a vulnerability and the
>release of associated exploit code was extremely short. Symantec
>data indicates that over the past six months, the average
>vulnerability-to-exploit window was just 5.8 days. Once an exploit
>has been released, the vulnerability is often widely scanned for and
>quickly exploited. This short window leaves organizations with less
>than a week to patch vulnerable systems.
>Adding to concern about the short vulnerability-to-exploit window is
>the growth in bots (short for "robot"). Bots are programs that are
>covertly installed on a targeted system, allowing an unauthorized
>user to remotely control the computer for a wide variety of
>purposes. Attackers often coordinate large groups of bot-controlled
>systems, or bot networks, to scan for vulnerable systems and use
>them to increase the speed and breadth of their attacks. Over the
>past six months, Symantec has seen a large increase in the number of
>remotely controlled bots. During the first six months of 2004, the
>average number of monitored bots rose from under 2,000 to more than
>30,000 per day - peaking at 75,000 in one day.
>Web application technologies [presumably involving vulnerabilities
>in Web browsers and in HTML rendering engines used by other
>applications] are appealing targets for attacks because of their
>widespread deployment within organizations and the relative ease
>with which they can be exploited. Web applications allow attackers
>to gain access to the target system simply by penetrating one
>end-user's computer, bypassing traditional perimeter security
>measures. ... In the first half of 2004, 479 vulnerabilities - or
>39 percent of the total volume ... [of] 1,237 new vulnerabilities
>between January 1 and June 30, 2004 ... were associated with Web
>application technologies.
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Tue Sep 21 10:18:40 2004
This archive was generated by hypermail 2.1.8 : Tue Sep 21 2004 - 10:18:49 PDT