[ISN] Symantec: Viruses Are Becoming Faster And More Complex

From: InfoSec News (isn@private)
Date: Thu Oct 02 2003 - 02:45:22 PDT

    Forwarded from: Justin Lundy <jbl@private>
    
    http://www.informationweek.com/story/showArticle.jhtml?articleID=15201000
    
    By Gregg Keizer
    TechWeb News
    Oct 1, 2003
    
    Attackers are targeting the newest security vulnerabilities, giving 
    businesses less time to patch and protect their systems, according to a 
    report released Wednesday by Symantec Corp. 
    
    The security vendor's twice-annual Internet Security Threat Report,
    which compiles data from customers as well as from more than 20,000
    sensors embedded in its global DeepSight Threat analysis system,
    paints an ugly picture. "This has a very fundamental impact on
    enterprises," said Vincent Weafer, senior director of Symantec's
    security response center, "and puts the spotlight on patch-management
    issues."
    
    Data compiled by Symantec, one of the leading providers of security
    services and products, shows that 64% of attacks during the first six
    months of this year were aimed at vulnerabilities less than one year
    old; most of those--39%--targeted security flaws that had been
    disclosed in the previous six months.
    
    "That's a major change," said Weafer, who pointed out that in the
    past, most attacks exploited vulnerabilities as old as two years. "Now
    attacks are changing to leverage the newest vulnerabilities."
    
    The rush to protect--as evidenced by the short span between the
    disclosure of the RPC DCOM vulnerability and the appearance of the
    Blaster worm just 26 days later--means that companies find it
    increasingly difficult to patch all their systems before an attack
    arises.
    
    "Risk assessment is becoming more important, and is a huge issue for
    enterprises," Weafer said. "Companies are struggling with questions
    like 'How do I prioritize?' and 'How do I determine which
    vulnerability to patch?' That's a common theme we're seeing from all
    the large enterprises."
    
    The solution, he said, is solid risk intelligence that not only waves
    a red flag when exploits appear--or even before--but that gauges the
    likelihood of that exploit being dangerous, based on past performance
    by similar threats.
    
    Among the other major trends, Symantec spotted a significant increase
    in the number of blended threats--ones that use multiple vectors such
    as E-mail, instant messaging, Internet Relay Channel, and peer-to-peer
    networks to infect and compromise systems.
    
    "The blended threat story is continuing to evolve," said Weafer, "but
    it's the big story here." According to Symantec's data, the number of
    blended threats rose 20% during the first six months of this year over
    the first half of 2002.
    
    To deflect these blended threats, companies need to deploy a wide
    range of security services, Weafer said, including firewalls,
    anti-virus guardians at the gateway, and intrusion-detection and
    prevention systems.
    
    An increasing number of attacks against Windows is another noticeable
    trend, he said, something that few companies need confirmation of,
    what with the wave of attacks that have targeted vulnerabilities in
    Windows so far this year.
    
    In the first six months of 2003, the number of viruses and worms aimed
    at Windows more than doubled compared to the same period in 2002,
    Symantec's numbers showed.
    
    While Weafer was reluctant to blame Microsoft for the problem, he said
    Microsoft's products would always be among the top targets because of
    their dominance on the desktop and within the network.
    
    In particular, Symantec expects that Microsoft's Web server and its
    Internet Explorer browser will be among the targets of future attacks,
    thanks to published vulnerabilities and their popularity.
    
    Symantec passed out advice as well as numbers in its report, and urged
    businesses to keep patches up-to-date on computers that host public
    services and are accessible through the firewall, such as HTTP, FTP,
    mail, and DNS services; turn off or remove unnecessary services,
    especially within Windows; and quickly isolate any infected computers
    to prevent them from spreading malicious code through the
    organization.
    
    "The world is simply more connected," Weafer said as he pointed out
    that 80% of all vulnerabilities can be exploited remotely over the
    Internet.  "And we're going to see more of these worms."
    
    Justin Lundy
    Tegatai Systems
    www.tegatai.com
    
    
    