An increasing number of worms and viruses are blended threats, giving them multiple ways to
get into a network and multiple ways to damage it, according to a new study from Symantec
Corp.
The report also shows that the number of vulnerabilities has leveled off over the past
year. And that sounds like good news until you realize that it’s leveled off at about seven
software security flaws being discovered every day, adding up to 2,636 new vulnerabilities
a year.
”That’s a lot. That’s really bad news,” says Tony Vincent, lead global security architect
for Symantec. ”I think we’re seeing a lot of damage because of the number of
vulnerabilities, the number of blended threats and because the virus writers are targeting
bigger things.”
Vincent says the most surprising part of the Internet Security Threat Report is the
mounting incidents of blended threats. These worms have several different ways of
propagating across the network. They may have mass-mailing mechanisms, along with the
ability to seek out backdoors left open by previous viruses, and the ability to seek out
software vulnerabilities to exploit. Once they’re in a machine, they have multiple means of
causing trouble. They might leave a backdoor or Trojan, they can delete information and
they can cull email addresses for the computer’s hard drive.
And blended threats are wreaking havoc.
According to the Symantec report, blended threats were responsible for some of the most
significant security events of the year, which occurred last August when the Internet
experienced three new Category 4 worms in only 12 days. These worms — Blaster, Welchia,
and Sobig.F — infected millions of computers worldwide and, according to estimates by
Computer Economics, may have resulted in up to $2 billion in damages.
More recently, MyDoom, Nimda, Sobig and Bagle are all considered to be blended threats.
”This is dangerous because an IT manager can do all the right things to protect his
company from a particular threat, but if he misses just one thing, he’s still going to end
up with a big problem,” says Vincent. ”You can patch all the vulnerabilities and talk to
users about not opening attachments, but if you have one machine on the network with a
backdoor open, it will still get into your network.”
And more blended threats mean that more worms and viruses are ‘successful’.
In the first half of 2003, only one-sixth of the companies analyzed reported a serious
security breach, according to Symantec’s report. In the second half of the year, half of
the companies reported a serious breach. This rise is largely the result of increasingly
‘successful’ worms, which remain the most common source of attack activity. And almost
one-third of all attacking systems targeted the vulnerability exploited by the Blaster
worm, which hit the Internet like a steaming locomotive late last summer.
Financial services, healthcare, and power and energy were among the industries hardest hit
by severe security events.
How Vulnerable Are We?
On the positive side, 2003 saw only 49 more reported software vulnerabilities than in 2002,
taking the total number from 2,587 to 2,636. Last year, that averaged out to seven new
vulnerabilities discovered every day.
”On the silver lining side, while we documented a dramatic growth in vulnerabilities over
the past several years, the rate of that increase has started to slow down a little bit,”
says Vincent.
But that’s where the good news ends.
Vincent also notes that of those 2,636 vulnerabilities reported last year, 70 percent were
classified as easy to exploit, compared to 60 percent the year before. The study also shows
that the number of moderately severe vulnerabilities increased from an average of 98 per
month in 2002 to an average of 115 per month in 2003.
”That’s a really big concern,” he adds.
Client-side vulnerabilities in Microsoft Internet Explorer are on the rise, going from 20
in the first half of 2003 to 34 in the second half of the year. That’s an increase of 70
percent. Many of these vulnerabilities allow attackers to compromise the systems of client
users who visit Web sites hosting malicious content, intentionally or not. The primary
reason for concern over this trend is the massive market dominance of Internet Explorer.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.