Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Oct 2002
Posts: 955
UGN Super Poster
OP Offline
UGN Super Poster
Joined: Oct 2002
Posts: 955
Symantec Internet Security Threat Report Sees Increase in Blended Threats, Vulnerabilities and Internet Attacks

Report Also Introduces Analysis of Attacker Vulnerability Preferences

CUPERTINO, Calif. - Oct. 1, 2003 - Symantec Corp. (Nasdaq: SYMC), the world leader in Internet security, today released its latest Internet Security Threat Report, one of the most comprehensive analyses of trends in cyber security activity. This report includes analysis of data from Symantec Managed Security Services customers as well as more than 20,000 DeepSight Threat Management System registered sensors worldwide monitoring attack activity in more than 180 countries. The report covers network-based attacks, a review of vulnerabilities discovered and exploited, and highlights of malicious code trends.

Symantec reports that the increasing prevalence of blended threats, which use a combination of malicious code and vulnerabilities to launch a cyber attack, remains one of the most significant security issues companies face this year. Blended threats accounted for 60 percent of malicious code submissions in the first half of 2003, and the number of blended threats increased by 20 percent. Blended threats continue to be the most frequently reported threat.

The speed of propagation of blended threats is also increasing. For example, the Slammer worm impacted systems worldwide in less than a few hours. Moreover, for a time, the recent Blaster worm was infecting as many as 2,500 computers per hour. Symantec expects to see greater worm propagation resulting in overloads to network hardware, crippling network traffic, and seriously preventing both individuals and businesses from using the Internet.

With the release of the current report, Symantec provides analysis of attacker vulnerability preferences for the first time. This new analysis shows that 64 percent of all new attacks targeted vulnerabilities less than one year old. Additionally, 66 percent of all attacks documented in the first half of 2003 utilized vulnerabilities categorized as highly severe.

Recent activities support Symantec's analysis that the time from discovery to outbreak continues to shorten significantly. The W32.Blaster blended threat occurred only 26 days after the vulnerability was announced. "The Symantec Internet Security Threat Report combines data from the most comprehensive sources of Internet threat information in the world with exceptional analysis from skilled security experts," said Rob Clyde, Symantec's Chief Technology Officer. "As a result, it provides enterprises a reliable, accurate source of up-to-date Internet security trend data required to strengthen their overall corporate security postures."

Additional key findings of the report follow.

Attack Trends

The overall rate of attack activity rose by 19 percent. Companies experienced approximately 38 attacks per company per week in the first half of 2003 compared to 32 attacks during the same period in 2002.
Attacks are categorized as either severe or non-severe in nature. Amongst Symantec Managed Security Services customers, the number of severe attacks continued to decline from 23 percent in the first half of 2002 to 11 percent in the first half of 2003. The 52 percent decline is attributable in part to strengthening security postures among these Symantec Managed Security Services customers.
Attacks are increasingly leveraging worms to carry exploits of known vulnerabilities as a means of creating exposures or security holes on a large number of systems. Attackers are then installing backdoor Trojans on those compromised systems to create large networks of controlled systems (bot nets) that could be used to launch future attacks.
The majority of the top 10 scans, which are a measurement of reconnaissance activity, targeted non-public services such as Microsoft SQL and file sharing. By exploiting services that are common to home and internal corporate networks, the number of potential victims is substantially higher. This trend reinforces the importance of extending security policies and controls beyond public-facing systems.

Vulnerability Trends

Symantec documented 1,432 new vulnerabilities, a 12 percent increase over the number found in the same period the previous year. However, the rate of discovery during the first half of 2003 was significantly slower than the 82 percent increase noted in 2002.
The number of new moderate vulnerabilities increased 21 percent and high severity vulnerabilities increased 6 percent. This trend is driven by the fact that 80 percent of vulnerabilities discovered in the first half of 2003 could be exploited remotely.
Symantec reports that 70 percent of the vulnerabilities found in the first half of 2003 could be easily exploited, due to the fact that no exploit was required or an exploit was readily available. This represents an increase of 10 percent over vulnerabilities discovered during the first half of 2002.

Malicious Code Trends

More than 994 new Win32 viruses and worms were documented in the first half of 2003, more than double the 445 documented in the first half of 2002.
As the use of instant messaging clients and peer-to-peer networking increases, new worms and viruses use these mechanisms to spread. Of the top 50 malicious code submissions documented over the first half of 2003, 19 used peer-to-peer and instant messaging applications-an increase of almost 400 percent in only one year.
Submissions of malicious code with backdoors has risen nearly 50 percent, increasing from 11 submissions to 17 for the first half of 2003. The most visible attempt at theft of confidential data was the release of Bugbear.B in June 2003. The discovery of this variant raised serious concerns since it specifically targeted banking institutions.

Recommended Best Practices
Symantec encourages users and administrators to adhere to the following best security practices to better protect their information assets:

Turn off and remove unneeded services.
Keep patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
Enforce a password policy.
Configure email servers to block or remove email that contains file attachments commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses.
Ensure emergency response procedures are in place.
Test security to ensure adequate controls are in place.

About Symantec's Internet Security Threat Report
Attack trends in the report are based on analyses from Symantec DeepSight Threat Management System and Symantec Managed Security Services. Symantec DeepSight Threat Management System analyzes continuously collected attack data from more than 20,000 registered sensors in more than 180 countries around the world. Vulnerability trends are based on statistical analysis of data housed in the Symantec Security Response vulnerability database, which contains information on more than 8,000 distinct vulnerabilities. Malicious code trends are based on empirical data and expert analysis drawn from Symantec's comprehensive infection and malicious code databases. To download Symantec's Internet Security Threat Report, please visit

View article here @ Symantec
Get more information, download the report, see Q&A, and view the webcast all here

Joined: Oct 2002
Posts: 955
UGN Super Poster
OP Offline
UGN Super Poster
Joined: Oct 2002
Posts: 955
You virii fans may find this little page interesting too

Link Copied to Clipboard
Member Spotlight
The Beach
Posts: 616
Joined: October 2002
Forum Statistics
Average Daily Posts0
Most Online3,253
Jan 13th, 2020
Latest Postings
Where and how do you torrent?
by danni75 - 03/01/24 05:58 AM
by JohanKaariainen - 08/15/19 01:18 AM
by Gremelin - 10/03/18 07:02 PM
my old account still exists!
by Crime - 08/10/18 02:47 PM
Okay WTF?
by HenryMiring - 09/27/17 01:45 AM
The History Thread...
by Gremelin - 08/11/17 12:11 PM
My friend NEEDS your HELP!
by Lena01 - 07/21/17 12:06 AM
I'm having fun with this guy.
by gabithompson730 - 07/20/17 01:50 AM
I want to upgrade my phone
by gabithompson730 - 07/20/17 01:49 AM
Doom 3
by Cyrez - 09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666 - 08/22/14 09:21 AM
AIM scene 99-03
by lavos - 09/02/13 08:06 AM
Planetside 2
by Crime - 03/04/13 07:10 AM
Beta Testers Wanted
by Crime - 03/04/13 06:55 AM
Hello Everyone
by Gremelin - 02/12/12 06:01 PM
Tracfone ESN Generator
by Zanvin Green - 01/18/12 01:31 PM
Python 3 issue
by Testing - 12/17/11 09:28 PM
tracfone airtime
by Drache86 - 07/30/11 03:37 AM
Backdoors and the Infinite
by ZeroCoolStar - 07/10/11 03:52 AM
HackThisZIne #12 Releaseed!
by Pipat2 - 04/28/11 09:20 PM
gang wars? l33t-wars?
by Gremelin - 04/28/11 05:56 AM
Consolidate Forums
by diggin2deep - 04/21/11 10:02 AM
LAN Hacking Noob
by Gremelin - 03/12/11 12:42 AM
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
Girlie 1
unreal 1
Crime 1
Ice 1
Dartur 1
Powered by UBB.threads™ PHP Forum Software 7.7.5