Security Response

Now that all of the hard work has been done by everyone else compiling the stats and the 100+ page report, it’s time for a glance at the tea leaves. (Typical product manager.) ;-) This blog will serve as a very abbreviated recap of the Future Watch section of the latest ISTR, which looks ahead to the short-term horizon for what we think some of the main issues will be. This isn’t the "toaster is infected with a worm which jumped there from a flawed RFID chip” type of stuff; rather, it’s the patterns that we see forming that are either right around the corner, or are already showing signs of being a clear pattern. Your toaster is safe for now. :-)

While the ISTR report itself discusses both Windows Vista and Web 2.0 issues in the Future Watch section, I’m going to pass on those topics here, as we’ve already provided in-depth coverage of both in previous blogs. (You can find these blogs in the...

This year will probably go down in historyas the year of Microsoft Office vulnerabilities. Never before have weseen such a high level of activity around the discovery andexploitation of vulnerabilities in the Microsoft Office applicationsuite. Ever since the uncovering of a series of vulnerabilities acrossthe range of Microsoft Office applications in early March of this year,we have seen a considerable pickup in activity. We have been receivinga steady stream of new malicious code that uses zero-day exploits forone or more of the applications that make up this suite. Just toreinforce this point, on September 27, 2006, we received samples of newmalware that uses yet another Microsoft PowerPoint zero-dayvulnerability. We have added detection for this new Trojan as Trojan.PPDropper.F.

“Why the sudden interest in Office applications?” some...

We have just released the 10th edition of the Symantec Internet Security Threat Report (ISTR). For the past five years, Symantec has been tracking the various trends in Internet security—involving malicious code, vulnerabilities, and Internet attacks—and compiling them twice a year into the ISTR. In my experience working as a vulnerability analyst, moderating Bugtraq, and contributing to the ISTR, there is one thing that is certain: vulnerabilities are on the rise. For the period affecting the current ISTR X release, we logged 2,249 new vulnerability records into our database, which is also a new high for the most new vulnerabilities in any given six-month period. The previous high was 1,912 new vulnerability records, which was reported in the second half of 2005. As usual, the majority of these vulnerabilities affect Web-based applications (68%-69%).

Not only are there more vulnerabilities, there are more affected vendors than ever before. In light of the...

The Internet attack threat landscape has definitely changed. Long gone are the days when it was easy for bot network owners and script kiddies to run their favorite publicly available exploit for the vulnerability of the week. They could take control of as many computers as they bothered to take the time to attack. Really, the flurry of remotely available network-based vulnerabilities and their corresponding attacks that exploded in the first few years of the twenty-first century were culminations of the type of attack that was exploited by the Morris Worm, back in 1988. Microsoft Windows was the ideal target: coded for commercial purposes, security was still in its infancy and it was ripe for the harvest.

Today, perimeter security technologies, such as firewalls, are a part of the standard vocabulary of your average computer user. Microsoft even packaged one with their operating system and enabled it by default, quickly making opportunistic attacks...