Report: Zero-Day exploits are nearing

The time is coming when zero-day threats will become a reality, according to Symantec Corp.'s recently released Internet Security Threat Report.

This Content Component encountered an error

The time is coming when zero-day threats will become a reality, according to Symantec Corp.'s recently released Internet Security Threat Report.

The report found the total number of vulnerabilities remained constant between 2003 and 2002, but the actual flaws are more severe. "In addition, the period of time between the announcement of a vulnerability and the release of an associated exploit is shrinking," according to a press release on the report.

In total, 2003 saw 2,636 vulnerabilities released, compared to 2,587 found in 2002. However, there was a monthly average of 115 "moderately severe" flaws last year compared to just 98 a month in 2002. Moreover, the number of vulnerabilities that have exploit code increased 5% in 2003.

Microsoft Internet Explorer vulnerabilities in particular were on the rise. The first six months of last year saw 20 flaws, but the second half of the year saw 34 -- a 70% increase.

For more information

Click here for an article on the last Symantec Internet Security Threat Report.

 

Or see these Best Web Links on vulnerabilities.

Malicious code also seems to be targeting Windows components rather than server software. For example, the Blaster worm exploited a vulnerability in DCOM-RPC, which affected several versions of Windows. "Threats targeting these components are more widespread than the server software targeted by previous network-based worms, resulting in a much higher density of vulnerable systems," Symantec said.

The company also found worm submissions increase two and a half times in the second half of 2003, when compared to the same period in 2002.

Worm writers are getting craftier. More worms contain their own mail engines. When worms can mail themselves out, then users of infected systems are less likely to realize a worm has hit them. Also, worms are more frequently packed and compressed in an attempt to sneak them past antivirus scanners.

The biannual report -- Symantec's fifth -- is based on anonymous data from Symantec Managed Security Services customers as well as from 20,000 DeepSight Threat Management System sensors in more than 180 countries.

Dig deeper on Emerging Information Security Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close