Feeds

Malicious code threats celebrate bumper 2003

Privacy under backdoors and blended assault

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Malicious code threats to privacy and confidentiality increased rapidly in the final six months of last year - up 148 per cent on the first half of 2003.

Virus writers increasingly targeted backdoors left by other attackers and worms in their attempts to spread malicious code, according to the latest edition of Symantec's Internet Security Threat Report. Blended threats - like Blaster, Welchia and SoBig-F - make up 54 per cent of Symantec’s top ten risks for 2H2003. More recently, the Doomjuice and Deadhat blended threats both exploited the backdoor left by MyDoom in January this year.

Older threats compromised confidentiality by exporting random documents. More recent viruses and blended threats also extract passwords, decryption keys and logged keystrokes.

Symantec chronicled 2,636 new vulnerabilities during 2003 - an average of seven new flaws a day – 70 per cent of which it categorises as easily exploitable. The number of vulnerabilities logged in 2003 is up just two per cent from 2002 compared to a leap of 81 per cent between 2001 and 2002.

Symantec’s Internet Security Threat Report (published today) reveals that almost one third of all attacking systems targeted the vulnerability exploited by Blaster and its successors. Older worms also continue to spread thanks to the continued availability of unpatched systems needed to sustain them.

"Attackers require no specialised knowledge to gain unauthorised access to a network when vulnerabilities are easy to exploit," said Symantec's Technical Services Director, Richard Archdeacon.

"And, as the time between disclosure and exploitation of vulnerabilities continues to shrink, zero-day threats that target vulnerabilities before they are known, are expected. Patch management continues to be critical, but companies are struggling to manage it themselves." ®

Related stories

Blaster beats up British business
War of the worms turns into war of words
Cyber attacks down, but vulns soar
Worms spread faster, blended threats grow

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.