Symantec's latest Internet Security Threat Report (Volume V) says the time lapse between a vulnerability being discovered and its being exploited is shrinking to such an extent that they may soon happen on the same day.
The report also points to a continued rise in blended threats, increased vulnerabilities targeting Windows components and escalating discovery of severe vulnerabilities.
Blended threats made up 54% of the top 10 malicious code submissions over the last six months of 2003. These threats caused widespread damage more quickly than ever before due to increased propagation speed, aided in part by improved bandwidth and decreased latency, the report states.
Threats targeting core Windows components are more widespread than the server software targeted by previous network-based worms, resulting in a much higher density of vulnerable systems.
Levelling off
The report says the number of new vulnerabilities being discovered has levelled off. However, newly discovered vulnerabilities are more severe, based on their impact, remote exploitability, authentication and availability.
This, in addition to the shrinking time-span between discovery and exploit, suggest that "zero-day" threats may be imminent. "Such threats target vulnerabilities before they are announced and patches are made available, making prevention and containment extremely challenging."
The full report can be found on the vendor's Web site.
Share
