A few thought's on Microsoft latest Intelligence report. Although the number of reported vulnerabilities apparently has decreased, the number of high severity vulnerabilities has increased. And while there continues to be a decrease in viruses reported, there was an increase in password stealing exploits. One really interesting piece of information is the amount of Trojan downloaders and droppers, which is maybe why worms, backdoors, password stealing, and monitoring software has stayed basically the same or increased. The report also signifies that most of the developing countries fall victim to these vulnerabilities, compared to more advanced economies. Although from other reports that I read, the U.S. and China seem to have higher incidents than the other economic developed powers. China, for example, with the latest MS08-67 RPC exploit seems to have been hit harder then the US or other economic advanced nations.
Last year I heard Dan Geer at the Forrester Security Conference talk about the difficulty of measuring information security events. The fact that you may have gotten 1 alert concerning a download but what did not get reported was the 6 payloads that it left behind that went undetected. For those of us that had to follow up on initial viruses, worms, trojans and other incidents know that there is usually more there then what was discovered during the first cleanup attempt and that the ratio of what is reported compared to what was there was more like 10:1 depending on the incident.
There is an interesting article on the CDC site called "Contagion on the Internet" by Trudy M. Wassenar and Martin J. Blaser. Although written in 2002, this article is still relevant today comparing the similarities of the biological and virtual tiny monsters.
Leave a comment