Browse
related articles
Microsoft's Internet Explorer browser had the highest number of new vulnerabilities (including both vendor confirmed and non-vendor confirmed), with 24. The Mozilla Firefox browser had the highest number of new vendor-confirmed vulnerabilities, with 13.
The average time between the announcement of a vulnerability and the appearance of exploit code was 6.8 days in the second half of 2005, up from 6.0 days. On average, 49 days elapsed between the disclosure of a vulnerability and the release of an associated patch, down from 64 days.
Malicious code trends
As noted above, the use of malicious code for profit is on the rise. During the second half of 2005, malicious code threats that could reveal confidential information rose from 74% of the top 50 malicious code samples studied by Symantec in the last reporting period to 80% this period.
Symantec also observed an increase in modular malicious code, which initially possesses limited functionality but is designed to update itself with new, more damaging capabilities. Modular malicious threats can expose confidential information that is then used in identity theft, credit-card fraud, or other criminal financial activities. During the last six months of 2005, modular malicious code accounted for 88% of the top 50 malicious code samples reported to Symantec, up from 77% last period.
In this same reporting period, more than 10,992 new virus and worm variants were discovered, representing a small increase over the previous reporting period (10,866) but a 49% increase over the same time period last year.
In the last six months of 2005, Sober.X was the most widely reported malicious code sample. This mass-mailing worm, initially discovered on November 19, 2005, was upgraded to a Category 3 threat on November 22. Even though it was in the wild for just over a month, Sober.X was reported more frequently than any other malicious code sample in the entire six-month period.
Additional security risks
As the latest Threat Report observes, with Internet-based services and applications expanding and diversifying, "the potential for computer programs to introduce other types of security risks has increased. The emergence of new risks, particularly spam, phishing, spyware, and adware, has necessitated an expansion of the traditional security taxonomy" beyond the categories of attacks, vulnerabilities, and malicious code.
In the last half of 2005, Symantec blocked 1.5 billion phishing attempts, a 44% increase over the first half of 2005. Symantec detected an average of 7.9 million phishing attempts per day, an increase of 39% over the first half of 2005.
Spam, meanwhile, made up 50% of all monitored email traffic. Spam associated with financial goods and services was the most common type. The United States was the country of origin of 56% of all spam.
Over the last six months of 2005, CometCursor was the most commonly reported spyware program, accounting for 42% of the top 10 spyware programs reported during this period. CometCursor is an Internet Explorer browser "helper object" (or add-on program), which installs a toolbar that has links to affiliate Web sites.
In this same period, the most commonly reported adware program was Websearch, which accounted for 19.1% of the top 10 adware programs reported. Nine of the top 10 adware programs in this period were installed by so-called rogue affiliates, while seven of the top 10 carried a risk rating of "high" or "medium."
Conclusion
Based on the data gathered in this and previous reporting periods, Symantec expects to see more diverse and sophisticated threats used for cybercrime to emerge, as well as an increase in the theft of confidential information for financial gain. The threat landscape has indeed shifted. Enterprises would do well to avail themselves of the insight that the latest Threat Report provides into how cybercrime is happening and how it can be prevented.
Symantec, Middle East
