The time is coming when zero-day threats will become a reality, according to Symantec Corp.'s recently released Internet Security Threat Report.
The report found the total number of vulnerabilities remained constant between 2003 and 2002, but the actual flaws are more severe. "In addition, the period of time between the announcement of a vulnerability and the release of an associated exploit is shrinking," according to a press release on the report.
In total, 2003 saw 2,636 vulnerabilities released, compared to 2,587 found in 2002. However, there was a monthly average of 115 "moderately severe" flaws last year compared to just 98 a month in 2002. Moreover, the number of vulnerabilities that have exploit code increased 5% in 2003.
Microsoft Internet Explorer vulnerabilities in particular were on the rise. The first six months of last year saw 20 flaws, but the second half of the year saw 34 -- a 70% increase.
The company also found worm submissions increase two and a half times in the second half of 2003, when compared to the same period in 2002.
Worm writers are getting craftier. More worms contain their own mail engines. When worms can mail themselves out, then users of infected systems are less likely to realize a worm has hit them. Also, worms are more frequently packed and compressed in an attempt to sneak them past antivirus scanners.
The biannual report -- Symantec's fifth -- is based on anonymous data from Symantec Managed Security Services customers as well as from 20,000 DeepSight Threat Management System sensors in more than 180 countries.