Midyear Internet threat reports show professional criminals hard at work
Data from three threat reports show botnets outpacing denial-of-service attacks in the first half of 2007.
It's September, so it's time for Internet security companies to release their annual reports and surveys about the threats seen in the first six months of the year. The reports from IBM, Arbor Networks (free registration required), and Symantec (in PDF) each looked at different areas of the Internet in specific but generally found that botnets are on the rise, and that the tools used for attack have gone professional with less noise from mere amateurs. Two of the reports went to find the top three vendors most affected by newly disclosed vulnerabilities were Microsoft, Apple and Oracle, that the United States hosts the most spam-related Web sites, and the sites most-often phished were financial sites.
Arbor Network reported that botnets, at 29 percent, has replaced denial-of-service attacks, at 24 percent, as the No. 1 threat among its respondents. The ISPs contacted by Arbor Networks for their survey also report that the number of professional denial-of-service attacks have increased markedly over "amateur" attacks. The attacks seem to be targeting specific industries, a finding echoed by Symantec and IBM.
In the first half of 2007, the IBM survey showed a total of 3,273 software vulnerabilities, a 3.3 percent increase over the same period in 2006. Oddly, Symantec showed only 2,461 vulnerabilities, and reported that figure was 3 percent less than during the same period in 2006. The differences between reports can be accounted for by the methodologies used by IBM and Symantec to categorize vulnerabilities and the specific vendors they include in that count; for example, Symantec didn't track the Oracle operating system in its report.
The IBM report showed January was the busiest month for reporting new vulnerabilities with 600 disclosed. January 15 to 21 was the busiest week, responsible for 149 vulnerabilities. IBM also said the top three vendors reporting the most vulnerabilities were Microsoft, Apple and Oracle; together they accounted for 12.6 percent of the total. Symantec said that Microsoft reduced its time-to-patch from 21 days in December to only 18 at the end of July, while Apple only reduced its time-to-patch from 49 days in December to 43 days at the end of July. Symantec did not track Oracle in its report. IBM also noted that an amazing 21 percent of the Microsoft, Apple and Oracle vulnerabilities remained unpatched at the end of July.
On the subject of spam, IBM reported that the United States, Poland and Russia were responsible for most of the world's spam content. Symantec said the top three spam producers were the U.S., "undetermined" EU countries, and China. IBM said the U.S. alone accounts for one-eighth of all spam traffic, and hosts more than one-third of all spam-related Web sites, results similar to those found by Symantec.
IBM also said the U.S. hosts almost half of all the phishing sites located in the United States; again, Symantec's results were similar. Of the phishing sites, 9 of the 10 listed by IBM were financial, a finding shared by Symantec. IBM also reported that pornographic Web sites constitute 9 percent of all the Web sites. The U.S. remains host to a majority of sites focused on violence, crime, pornography, sex, computer crime and illegal drugs. This is unchanged from 2006.