September 18, 2007 2:06 PM PDT

Midyear Internet threat reports show professional criminals hard at work

by Robert Vamosi

It's September, so it's time for Internet security companies to release their annual reports and surveys about the threats seen in the first six months of the year. The reports from IBM, Arbor Networks (free registration required), and Symantec (in PDF) each looked at different specific areas of the Internet but generally found that botnets are on the rise and that the tools used for attacks have gone professional, with less noise from mere amateurs. Two of the reports went on to find that the top three vendors most affected by newly disclosed vulnerabilities were Microsoft, Apple and Oracle, that the United States hosts the most spam-related Web sites, and that the sites most often phished were financial sites.

Arbor Networks reported that botnets, at 29 percent, have replaced denial-of-service attacks, at 24 percent, as the No. 1 threat among its respondents. The ISPs contacted by Arbor Networks for its survey also report that the number of professional denial-of-service attacks has increased markedly over "amateur" attacks. The attacks seem to be targeting specific industries, a finding echoed by Symantec and IBM.

In the first half of 2007, the IBM survey showed a total of 3,273 software vulnerabilities, a 3.3 percent increase over the same period in 2006. Oddly, Symantec showed only 2,461 vulnerabilities, and reported that figure was 3 percent less than during the same period in 2006. The differences between reports can be accounted for by the methodologies used by IBM and Symantec to categorize vulnerabilities and the specific vendors they include in that count; for example, Symantec didn't track the Oracle operating system in its report.

The IBM report showed January was the busiest month for reporting new vulnerabilities with 600 disclosed. January 15 to 21 was the busiest week, responsible for 149 vulnerabilities. IBM also said the top three vendors reporting the most vulnerabilities were Microsoft, Apple and Oracle; together they accounted for 12.6 percent of the total. Symantec said that Microsoft reduced its time-to-patch from 21 days in December to only 18 at the end of July, while Apple only reduced its time-to-patch from 49 days in December to 43 days at the end of July. Symantec did not track Oracle in its report. IBM also noted that an amazing 21 percent of the Microsoft, Apple and Oracle vulnerabilities remained unpatched at the end of July.

On the subject of spam, IBM reported that the United States, Poland and Russia were responsible for most of the world's spam content. Symantec said the top three spam producers were the U.S., "undetermined" EU countries, and China. IBM said the U.S. alone accounts for one-eighth of all spam traffic, and hosts more than one-third of all spam-related Web sites, results similar to those found by Symantec.

IBM also said the U.S. hosts almost half of all the phishing sites located in the United States; again, Symantec's results were similar. Of the phishing sites, 9 of the 10 listed by IBM were financial, a finding shared by Symantec. IBM also reported that pornographic Web sites constitute 9 percent of all the Web sites. The U.S. remains host to a majority of sites focused on violence, crime, pornography, sex, computer crime and illegal drugs. This is unchanged from 2006.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
We need to change the way we combat Bots!
by securitymaven75 September 24, 2007 11:55 AM PDT
It's completely evident that we need to change the way we combat bots. The number of criminals online is only increasing. In fact I just read that the FBI projects that cybercrime as a result of botnets will cost businesses up to $67 billion a year.

The big boys in the security industry aren't getting the job done. I think we are going to have to look to the smaller, more specialized companies to create solutions that will actually work. In fact, a smaller botnet company came out with some news today. The tech sites have said that FireEye's new product combines a global analysis network with an appliance.

These smaller companies are taking the right approach. They are going to try to nip the problem in the bud rather than deal with botnets after the fact.