Viruses Down, Software Vulnerabilities Up
London, UK - 17th January 2002, 1630 GMT - New trends are emerging
with software vulnerabilities becoming the key issue over viruses in 2002.
The latest figures compiled by the mi2g Intelligence Unit show a decrease
of 41% in new virus species from 413 in 2000 to 245 in 2001. However, according
to CERT, global software vulnerabilities have increased by 124% from 1,090
in 2000 to 2,437 in 2001.
As new software vulnerabilities are exploited by virus writers, disgruntled
employees and hacktivists, corporations are having to patch up their systems
continuously. Carlsbad-based Computer Economics has estimated the worldwide
economic impact of malicious code attacks at US$ 13.2 Billion in 2001. The
most significant attacks from internet worms exploiting vulnerabilities were
Code Red ($2.62 Billion), SirCam ($1.15 Billion) and Nimda ($635 Million).
In each case, Microsoft product vulnerabilities were exploited.
Where mi2g could trace and compare the origin of the virus species, Europe
led the world in the development of those viruses at 57%, of which 21% originated
from Eastern Europe including Russia. North America accounted for 17%, followed
by the Far East at 13%.
There are a number of prolific serial virus writers: “Zombie,” “Benny,” “Black
Baron,” “David L Smith” and “Chen Ing-Hau”. Most virus writers tend to be fairly
young (late teens, early 20s), often male, and get no commercial benefit. Steve
Trilling, at Symantec, said “With more and more critical business and government
functions conducted online, we could see more ‘professional’ types of attackers.”
Other Trends for 2002
Digital risk is increasingly coming from automated and self-propagating
worm attacks. According to separate research by Kaspersky Lab of Russia, 60%
of attacks were from worms exploiting vulnerabilities in 2001 whereas this
figure was only 30% in 2000 and 11% in 1999. In an opposite trend, the number
of macro virus incidents has been steadily decreasing – from 79% in 1999 to
52% in 2000 and 30% in 2001.
Why are so many vulnerabilities coming to light?
“Software vendors have been keen to profit from new products without paying
adequate attention to the long term quality issues such as trusted computing
and the security perspective,” said DK Matai, Chairman and
CEO of mi2g. “As evidenced by the recent sea
change in Microsoft’s priorities, the focus on product development from day
one has to be on security as it cannot be bolted on.”
Notes to Editors
More statistics can be obtained from www.mi2g.com/status/viruses
mi2g Digital Solutions Engineering pays particular regard to security.
mi2g advises on the management of eRisk and incorporates Bespoke Security
Architecture in its SMART sourcing solutions. mi2g builds highly secure
intranets and extranets, digital communities and data warehouses that are
specifically constructed for data mining, customer relationship management
and enhancing the network effect.
For further information - www.mi2g.com
What is Bespoke Security Architecture?
Bespoke Security Architecture brings together firewall layers, intrusion
detection and other defensive structures, as well as automated intelligence
techniques with legal, human resource and company policies.
What is eRisk Management?
eRisk Management deals with a variety of issues associated with implementing
digital solutions and integrating Service Level Management. It includes selecting
the optimum technology set, managing external partners and alliances, linking
payments to targets, defining rigorous quality control procedures, managing
the growth in online traffic post launch, achieving the expected return on
investment, and bringing about the changes in the corporate culture required
for successful eBusiness.
What is SMART Sourcing?
mi2g SMART Sourcing is the careful selection of cost effective and
trustworthy suppliers from around the world for building and maintaining highly
secure digital platforms on a 24 by 7 basis.
For additional information please contact - Intelligence
Telephone: +44 (0) 20 7924 3010 - Facsimile: +44 (0) 20
7924 3310 - eMail: Intelligence