Computerworld

OS vulnerabilities drop in 2006

Spam still on the up

Internet Security Systems (ISS) and MessageLabs released a synopsis of 2006 security trends yesterday, with both companies revealing a marked increase in spam throughout the year.

ISS discovered a 100 per cent increase year on year in spam. From December 2006 to January 2007, MessageLabs found a 1.5 per cent increase in spam globally.

In January, spam totalled 75.8 per cent of all e-mails captured by MessageLabs' Traffic Management.

In Australia, spam levels increased 0.1 per cent in January according to the MessageLabs 2007 Intelligence Report.

The report also found the number of viruses hidden in e-mail traffic had increased 0.08 per cent since last month, accounting for one in 119.9 e-mails, and gave a stern warning about the new wave of refined Trojan code called Rustock.

"It is now believed that the suspected Russian criminals responsible for last year's Trojan, SpamThru, have been updating their botnets to another Trojan bot called Rustock," the report said.

"Rustock allows spammers to send out image spam, which is more difficult for traditional anti-spam software to accurately identify.

"Finally, 80.2 per cent of Web viruses intercepted were from uncategorized sites, suggesting that they were being used for domain kiting and other disreputable purposes to host phishing and spam sites."

The ISS 2006 security statistics report identified advances in image spam technology, operating system holes, and an increased hacker focus on Web browser vulnerabilities as the top concerns for 2007.

The ISS X Force research and development team has predicted new forms of image spam will be pervasive throughout 2007.

It will be specifically designed to evade capture. However, IBM ISS director of security strategy, Gunter Ollmann, said the good news is the drop in high-impact vulnerabilities.

"In 2005 high-impact vulnerabilities accounted for about 28 per cent of total vulnerabilities, while they only accounted for 18 per cent in 2006," Ollmann said.

"The security industry has made great progress over the last year, but despite promising statistics such as this one, we predict that 2007 will require higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack."

According to X Force there were 20 new vulnerabilities discovered daily in 2006, 88 per cent of which could be exploited remotely, with more than half allowing attackers complete access after the vulnerability was exploited.