The latest Symantec Internet Threat Report indicates a reduction in the
number of attacks but a surge in bot networks with 30,000 new systems
hijacked every day. There are also a number of other interesting
developments to watch.


Twice each year Symantec publishes a compilation and
analysis of new Internet threats based on both published vulnerability reports
and actual attacks against the machines that Symantec regularly monitors.

The report for the first half of 2004 shows that the number
of economic-based threats is increasing rapidly and is mainly directed at
e-commerce sites. This is especially worrisome because phishing, data mining,
theft of industrial secrets, and denial of service attacks motivated by a
desire for economic gain are likely to be more “professionally” created and
pursued. This is a much greater threat than the threat posed by the attacks of
script kiddies and old-style hackers who are more likely to be motivated by
passing whims or social factors.

The good news is that there was actually a decline in the
volume of daily attacks during the first part of 2004. This is mostly due to
the fact that there was less Internet-based worm activity during the first half
of 2004, or at least there wasn’t one huge virus/worm outbreak.

Also, as highlighted in a CNET article that covered the study, Symantec
discovered that the average number of new bots per day has surged from 2,000
to 30,000. The variety of bots (e.g., peer-to-peer, IRC, and file sharing)
has also multiplied.

Another very troubling discovery for IT professionals is the
fact that 40 percent of Fortune 100 companies were a source of worm traffic.

Web applications are an increasing threat to enterprise operations, with
nearly 40 percent of newly disclosed vulnerabilities being found in these
Internet-enabled business services. A large percentage of the vulnerabilities
were considered both serious and easy to exploit.

The Symantec Internet Security Threat Report for January 1,
2004 through June 30, 2004 is a 60-page document just packed with interesting and
useful threat statistics and analysis as well as pages of predictions. There is
far more information in the actual report than I could even touch upon here.

Linux administrators should take note of the statement in
the outlook section of this report where Symantec experts indicate that, in
part because of the appearance of an increasing number of Linux/UNIX
vulnerabilities, attacks against Linux/UNIX systems are likely to increase in
the near future.

Those who look to weekly security updates as a way to
protect their systems should take note of the Symantec finding that the average
time between public disclosure of a vulnerability and the initial appearance of
an exploit is less than six days.

Final word

I certainly believe the report that bot numbers have surged.
I recently discovered a bot on a Windows XP system (with no patches) that was
fully protected by a commercial personal firewall and an antivirus program—and it
was on a dialup connection. No damage resulted other than the time needed to
switch operations to another system, but it is indicative of the level of the
threat that a firewall-protected dialup system was successfully infected
despite the fact that I’ve never opened an e-mail attachment or viewed a
message in HTML on that system for five years or more. I don’t use Outlook or
Outlook Express and only get e-mail services from online providers using virus
scanning. And still a bot managed to sneak its way into that machine.

Also watch for …

  • Keep in mind that Mozilla and Firefox have both recently been patched
    for a number of vulnerabilities. I mention that because statistics have
    shown an increasing number of companies are turning to Mozilla and
    Firefox to avoid the many problems in Internet Explorer. Some users may
    feel that the alternative browsers are much less vulnerable and I am
    concerned that some may therefore let down their guard and forget that
    they still need to track new patches.
  • In hacker news, the German teen who confessed to creating Netsky and
    Sasser has been offered a security job at Securepoint. I’m certain that
    Securepoint clients will be interested in learning this. Following the
    German company’s lead, perhaps we should look for new FBI special agents
    among the recent parolees of the federal penal system.
  • reports a new firewall configuration vulnerability found in Windows XP
    SP2 and publishes an exploit. This threat can allow remote users to view
    shared files.
  • Sun Microsystems Java Enterprise System 2004Q2 and System 2003Q4 contain
    a DoS. A patch is available and there is no known workaround.