Information Security News mailing list archives

Symantec: Viruses Are Becoming Faster And More Complex


From: InfoSec News <isn () c4i org>
Date: Thu, 2 Oct 2003 04:45:22 -0500 (CDT)

Forwarded from: Justin Lundy <jbl () tegatai com>

http://www.informationweek.com/story/showArticle.jhtml?articleID=15201000

By Gregg Keizer
TechWeb News
Oct 1, 2003

Attackers are targeting the newest security vulnerabilities, giving 
businesses less time to patch and protect their systems, according to a 
report released Wednesday by Symantec Corp. 

The security vendor's twice-annual Internet Security Threat Report,
which compiles data from customers as well as from more than 20,000
sensors embedded in its global DeepSight Threat analysis system,
paints an ugly picture. "This has a very fundamental impact on
enterprises," said Vincent Weafer, senior director of Symantec's
security response center, "and puts the spotlight on patch-management
issues."

Data compiled by Symantec, one of the leading providers of security
services and products, shows that 64% of attacks during the first six
months of this year were aimed at vulnerabilities less than one year
old; most of those--39%--targeted security flaws that had been
disclosed in the previous six months.

"That's a major change," said Weafer, who pointed out that in the
past, most attacks exploited vulnerabilities as old as two years. "Now
attacks are changing to leverage the newest vulnerabilities."

The rush to protect--as evidenced by the short span between the
disclosure of the RPC DCOM vulnerability and the appearance of the
Blaster worm just 26 days later--means that companies find it
increasingly difficult to patch all their systems before an attack
arises.

"Risk assessment is becoming more important, and is a huge issue for
enterprises," Weafer said. "Companies are struggling with questions
like 'How do I prioritize?' and 'How do I determine which
vulnerability to patch?' That's a common theme we're seeing from all
the large enterprises."

The solution, he said, is solid risk intelligence that not only waves
a red flag when exploits appear--or even before--but that gauges the
likelihood of that exploit being dangerous, based on past performance
by similar threats.

Among the other major trends, Symantec spotted a significant increase
in the number of blended threats--ones that use multiple vectors such
as E-mail, instant messaging, Internet Relay Channel, and peer-to-peer
networks to infect and compromise systems.

"The blended threat story is continuing to evolve," said Weafer, "but
it's the big story here." According to Symantec's data, the number of
blended threats rose 20% during the first six months of this year over
the first half of 2002.

To deflect these blended threats, companies need to deploy a wide
range of security services, Weafer said, including firewalls,
anti-virus guardians at the gateway, and intrusion-detection and
prevention systems.

An increasing number of attacks against Windows is another noticeable
trend, he said, something that few companies need confirmation of,
what with the wave of attacks that have targeted vulnerabilities in
Windows so far this year.

In the first six months of 2003, the number of viruses and worms aimed
at Windows more than doubled compared to the same period in 2002,
Symantec's numbers showed.

While Weafer was reluctant to blame Microsoft for the problem, he said
Microsoft's products would always be among the top targets because of
their dominance on the desktop and within the network.

In particular, Symantec expects that Microsoft's Web server and its
Internet Explorer browser will be among the targets of future attacks,
thanks to published vulnerabilities and their popularity.

Symantec passed out advice as well as numbers in its report, and urged
businesses to keep patches up-to-date on computers that host public
services and are accessible through the firewall, such as HTTP, FTP,
mail, and DNS services; turn off or remove unnecessary services,
especially within Windows; and quickly isolate any infected computers
to prevent them from spreading malicious code through the
organization.

"The world is simply more connected," Weafer said as he pointed out
that 80% of all vulnerabilities can be exploited remotely over the
Internet.  "And we're going to see more of these worms."

Justin Lundy
Tegatai Systems
www.tegatai.com



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

