[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] IBM Researchers Predict More Vulnerabilities in '07
From: InfoSec News <alerts () infosecnews ! org>
Date: 2007-01-31 7:11:49
Message-ID: Pine.LNX.4.61.0701310111390.7094 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://www.eweek.com/article2/0,1895,2088851,00.asp
By Matt Hines
January 30, 2007
New research indicates that enterprises will continue to grapple with
long lists of dangerous software vulnerabilities during 2007, with
experts at IBM predicting continued growth in the number of flaws found
in popular products over the next twelve months.
According to a report published by IBM's ISS (Internet Security Systems)
X-Force research team on Jan. 30, the group observed just under 7,250
vulnerabilities during calendar 2006, which breaks down to an average of
20 new software flaws being isolated every day, and represents a 40
percent increase over the number of vulnerabilities discovered during
2005.
Perhaps even more imposing is the researchers' contention that more than
88 percent of the newly-found vulnerabilities in '06 could be exploited
remotely, an all-time high, with over 50 percent allowing hackers to
gain access to devices after the flaws have been flaunted.
With the launch of high-profile new software systems such as Microsoft's
Windows Vista operating system in 2007, the researchers with IBM, based
in Armonk, N.Y., are predicting that the next twelve months could be
even more threatening from a security standpoint.
While developers of Vista and other products are putting more effort
into securing their code and eliminating security loopholes, the experts
said that the sheer complexity of such programs will create even more
vulnerabilities.
Another mitigating factor will be the arrival of many new third-party
products meant to run on Vista, the ISS team said, as well as the
growing use among malware code writers of so-called fuzzing tools, which
automate the process of ferreting out software loopholes.
As desktop security tools have stemmed the flow of malware programs
arriving in e-mail in-boxes, the use of fuzzing tools has helped hackers
isolate weaknesses in Web browsing software, making the Internet the top
source of malware, said Gunter Ollmann, director of security strategy
for IBM ISS.
"The script kiddies of old went off to university and learned how to
build and use fuzzing programs, and they're taking that experience and
applying it to uncover vulnerabilities in content-level applications,"
said Ollmann.
"While the amount of [malware] content making it through from e-mail has
gone down, and the volume of payloads making it to the desktop without
being filtered has dropped, attackers have honed into Web browser
vulnerabilities and there's less protection out there for this sort of
threat, even within enterprises."
Ollmann said that IBM's researchers believe that the use of fuzzers has
led to the rise in malware programs that attack application
vulnerabilities, and that the technique will continue to take root among
hackers.
Underground malware communities are taking full advantage of the
newly-discovered flaws, and are using them to gain entry to devices and
install other malware, he said.
"The script kiddies of old went off to university and learned how to
build and use fuzzing programs, and they're taking that experience and
applying it to uncover vulnerabilities in content-level applications,"
said Ollmann.
It has also become easier for attackers to use the vulnerabilities in
browser programs to build engines on Web servers that detect what type
of software an individual is using and then launch malware programs that
can take advantage of applications with holes that they have discovered.
The malware writers are also using people's IP address information to
tailor the content they attempt to deliver to a certain target.
"If a malware site such as this sees Internet Explorer 6, they send
something different than if they see IE 7; there's a lot of logic in
these engines," Ollmann said. "The site will look at the first request
the browser makes and then find the right payload to deliver when the
browser makes a second request. It happens that fast."
The researcher said that malware communities are also sharing lists of
IP addresses to find specific sets of targets to assail with their
programs, and to help identify accounts used by security software makers
to help detect new attacks and code variations.
Traditional signature-based anti-virus products, versus
behavior-oriented tools, are still failing to stop even those threats
aimed at well-known vulnerabilities, according to Ollman, who noted that
the most popular exploit used to infect Web browsers with malware in
2006 was the Microsoft MS-ITS vulnerability, first disclosed in 2004.
Over the course of 2006, June was the month that saw the highest volume
of new software vulnerabilities, while the week before the Thanksgiving
holiday was the busiest week of the year.
IBM reported that so-called downloaders, also known as Trojan Viruses,
which install themselves and attempt to retrieve other malware programs,
represented the most popular form of threat seen in '06, accounting for
22 percent of all attacks.
Among the other findings highlighted in the report was news that the
volume of spam increased by 100 percent during the last year, and that
the United States, Spain and France were the three top sources of spam
worldwide.
In a reflection of the number of experienced users and businesses run in
Germany, German was the second most popular language for spam e-mails,
Ollmann said, but the volume of spam written in English still represents
approximately 92 percent of the messages.
In a nod to the art of simplicity, the most popular subject line for
spam in 2006 was "Re: hi," according to the report. South Korea accounts
for the highest source of phishing e-mails, according to the report, and
Web sites that host pornographic or sex-related content represented 12
percent of the Internet last year.
_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic