The folks over at ArsTechnica.com have a summary of IBM’s latest annual report on the state of security and malware threats which you should read:
IBM Internet Security System’s X-Force has released its annual report (PDF) on malware trends and statistics from last year. 2007 saw some significant changes in malware distribution, and there’s reason to think that some of these shifts mark the beginning of new attack patterns rather than small abnormalities. The following are some of the highlights from the report:
- Reported vulnerabilities in 2007 were down five percent compared to 2006, but the number of those vulnerabilities that were classified as severe rose by 28 percent.
- Microsoft, Apple, Oracle, IBM, and Cisco reported the most vulnerabilities, but collectively account for only 13.6 percent of all reported vulnerabilities.
- 90 percent of the 2007 vulnerabilities were exploitable from a remote location, up 1 percent from 2006
- Most in-the-wild exploits are being generated by web toolkits. Prevalence of these toolkits has risen dramatically since they appeared in 2006.
There’s a couple of things in the report that stood out to me. The first being that, contrary to what most people seem to believe, Microsoft products aren’t miles and away worse in terms of security than those of Apple, Oracle, IBM, and Cicso. Of those top 5 vendors a good 80% of the known vulnerabilities have been patched and while that still leaves 20% of them unpatched, that’s still a boatload better than the 50/50 ratio that everyone else tends to have.
The second thing that stood out is the fact that the percentage of exploits that could be accessed remotely jumped from 43.6 percent in 2000 to 89.4 percent this year. That’s huge and shows just how valuable taking over your PC has become to these people:
Trojans were the overall darlings of the year, accounting for 26 percent of all malware distributed. Worms, adware, viruses, and downloaders also grabbed significant chunks of the pie, while keyloggers, rootkits, and spyware all were all confined to small pieces of the market. Trojans were also responsible for the largest number of malcode additions in 2007—a total of 109,246 new Trojans were detected in 2007, compared to 64,173 worms, 55,873 adware programs, and 48,889 viruses.
Those numbers are staggering, though it helps to keep in mind that a lot of these programs are variations on a theme as each hacker modifies the code to try and avoid detection and/or adapt it to their specific goals. It all should act as a reminder of the need to keep your anti-virus software up to date, make use of a decent firewall, and be very careful about knowing exactly what you’re installing on your PC. Some of the more recent, but less successful, exploits have tried to spread themselves through PDF and MP3 files. While some of the most successful exploits are the fake media codecs from sites that tempt you with some outrageous or titillating video that requires you to install a media codec you’ve never heard of before you can watch the clip. When you do you’re suddenly infected with malicious downloader or spyware.