The Internet Security Threat Report--based on an analysis of six months of data from the security company's widespread intrusion-detection network--found that two-thirds of new attacks take advantage of vulnerabilities less than a year old. The, for example, appeared 26 days after Microsoft warned customers about the security flaw exploited by the worm.
"The window for us to get things fixed is a great deal smaller," said Alfred Huger, a senior director of engineering for Symantec. "If you have a window of less than a month to get things fixed, that is pretty problematic for any large enterprise."
The report, which uses data from more than 20,000 sensors in 180 countries, found that four out of 10 attacks took place less than six months after the first release of information about a flaw.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
The report also found that more-complex worms and viruses--known in the antivirus industry as blended threats--are becoming the attack of choice among Internet vandals. Such threats often exploit several different flaws to increase the chance of infecting a computer system. The number of attacks that could be classified as a blended threat in the first half of 2003 was 20 percent higher than in the previous six months, according to the report.
Moreover, threats are increasingly targeting specific goals, Symantec found., which started spreading in June, targeted certain financial institutions with attacks that stole confidential information and passwords (though it's not known how effective those attacks were). The are designed to aid spammers by allowing bulk e-mailers to use home computers infected by the virus as relay points for sending mass quantities of e-mail.
The report's conclusion that attacks are increasing reverses the findings of a Symantec report published in February. In that, the Cupertino, Calif.-based security company found that Internet attacks against companies had fallen in the last half of 2002.