Datamation Logo

Steep Rise In ‘Net Viruses, Software Security Flaws

January 14, 2002

The number of viruses and other types of attacks making the rounds on the Internet, and the number of security vulnerabilities
discovered in software, climbed dramatically in 2001, according to statistics newly issued by the Computer Emergency Response Team
Coordination Center (CERT/CC).

CERT’s statistics, issued Friday, indicated that the number of incidents rocketed from 21,756 reported in 2000 to 52,658 reported in
2001. For comparison’s sake, CERT said there were 9,859 reports in 1999, 3,734 in 1998 and six in 1988. To be clear, an incident may
involve one site or thousands and may take place over a long period of time.

“The increase [in incidents] we can basically attribute to an increased sensitivity and an increased awareness as to what
constitutes an incident,” said Chad Dougherty, Internet security analyst at CERT.

Dougherty noted there was also an increase in large-scale malicious code incidents — like Code Red, Nimda and Sircam — in 2001.

“It does appear that intruders are getting more sophisticated,” Dougherty said. “In the Nimda worm, you saw a lot of techniques that
other malicious code attacks had used. Intruders are starting to target pieces of software and technology that are most widely
deployed.”

And intruders that are targeting popularly deployed software and technology are finding cracks that allow them to worm their way
into systems. CERT said there were 2,437 vulnerabilities reported in 2001, up from 1,090 in 2000 and 417 in 1999. Both Code Red and
Nimda targeted Microsoft Corp.’s Internet Information Service (IIS) Web server software, which had a large share of the
vulnerabilities reported in 2001.

Dougherty said that the increase in vulnerabilities reported also has to do with awareness; there are more people looking for them
these days. But he also noted, “It really drives home the point that sites need to be aware of patches that are available from their
vendors.”

He added, “It reinforces what we’ve been saying all along: apply the patches and only enable services and technologies that sites
need to run.”

But that’s just one aspect of decreasing risk. As the number of patches needed to keep a system secure continues to climb, Dougherty
said it may be time to look for software with fewer vulnerabilities.

“One piece of the puzzle for reducing risk is to have software with fewer vulnerabilities out of the box — software that is more
secure by default,” he said.
