News Stay informed about the latest enterprise technology news and product updates.

Report: Zero-Day exploits are nearing

The time is coming when zero-day threats will become a reality, according to Symantec Corp.'s recently released Internet Security Threat Report.

The time is coming when zero-day threats will become a reality, according to Symantec Corp.'s recently released...

Internet Security Threat Report.

The report found the total number of vulnerabilities remained constant between 2003 and 2002, but the actual flaws are more severe. "In addition, the period of time between the announcement of a vulnerability and the release of an associated exploit is shrinking," according to a press release on the report.

In total, 2003 saw 2,636 vulnerabilities released, compared to 2,587 found in 2002. However, there was a monthly average of 115 "moderately severe" flaws last year compared to just 98 a month in 2002. Moreover, the number of vulnerabilities that have exploit code increased 5% in 2003.

Microsoft Internet Explorer vulnerabilities in particular were on the rise. The first six months of last year saw 20 flaws, but the second half of the year saw 34 -- a 70% increase.

For more information

Click here for an article on the last Symantec Internet Security Threat Report.


Or see these Best Web Links on vulnerabilities.

Malicious code also seems to be targeting Windows components rather than server software. For example, the Blaster worm exploited a vulnerability in DCOM-RPC, which affected several versions of Windows. "Threats targeting these components are more widespread than the server software targeted by previous network-based worms, resulting in a much higher density of vulnerable systems," Symantec said.

The company also found worm submissions increase two and a half times in the second half of 2003, when compared to the same period in 2002.

Worm writers are getting craftier. More worms contain their own mail engines. When worms can mail themselves out, then users of infected systems are less likely to realize a worm has hit them. Also, worms are more frequently packed and compressed in an attempt to sneak them past antivirus scanners.

The biannual report -- Symantec's fifth -- is based on anonymous data from Symantec Managed Security Services customers as well as from 20,000 DeepSight Threat Management System sensors in more than 180 countries.

Dig Deeper on Emerging cyberattacks and threats

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.