Vulnerabilities up by over a third

Hackers are developing malware faster than ever, according to new research.

The Threat Insight Quarterly, published by security firm ISS, found that the number of vulnerabilities in 2005 had increased by over a third from the previous year.

Analysts from X-Force, the research and development team at ISS, evaluated 4,472 vulnerabilities in both hardware and software last year. From the public announcement of the vulnerability on the internet, the report highlights that 3.1 percent of threats discovered had malicious code that surfaced within 24 hours, whereas 9.38 percent had code that surfaced within 48 hours.

Gunter Ollman, X-Force Director at ISS said the figures meant that there is an increase in the number of "zero-day exploits" appearing at the same time the vulnerability is published.

"This does not allow product developers the time to test and issue the necessary patches needed by the end-users and enterprise administrators," said Ollman.

The research also found that 12.5 percent of the threats had code included in disclosure. This meant that malicious code had entered into the wild as soon as the vulnerability had been published.

Ollman said hackers are now actively looking for vulnerabilities and only publish once they have developed an exploit for them. This meant the time frame between the publication of a vulnerability and the release of malicious exploit code, which is often referred to as the "patching window," is getting shorter and shorter.

"It is anticipated that the period between vulnerability disclosure and public availability of exploit material will continue to shrink, particularly for those 'high profile' vulnerabilities lying in default network services associated with popular desktop operating systems," said Ollman.

In addition, half of the vulnerabilities had either an exploit or proof-of-concept code surface within one week. This proof-of-concept code circulates within a relatively small group of hackers to test and improve the code. This ultimately result in an exploit: malicious software code that is made to be used by a big group of hackers to take advantage of the known vulnerability. Exploits are also often published in certain hacker newsgroups to ensure a faster and wider distribution.

"The rapid development of exploit code following public disclosure will inevitably lead to increasing infection rates of bot-worms and malware such as spyware and rootkit installer agents," said Ollman.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.