Thursday 23rd February 2006
Kaspersky's Costin Raiu, Head of Research & Development, writes in the report 'Internet Attacks 2005' that the buffer overrun vulnerability discovered in SQL Server 2000 back in 2002 was the most used vector for attack last year.
The three-year-old Slammer Internet worm exploits this flaw and was the fourth most prevalent attack or probe of 2005. Other attacks exploiting this flaw came seventh. The Blaster worm of 2003 placed twelfth, while other attacks using the same RPC exploit were tenth.
To put that in context, by far the most prevalent attack was the HTTP GET probe, accounting for nearly a third of all attacks and probes. This is most often used by spammers to identify open proxies on the Internet which can subsequently be used to send spam.
But the presence of Slammer can largely be put down to the inexorable rise of China as an Internet super-power. With a reported 94m people online, Raiu writes that 'China hosts 57 per cent of the machines infected by Slammer, while Korea, which used to lead in this respect two years ago, now has less than 1 per cent of all infected machines.'
Indeed
He says the rest of the world is beginning to wake up to the security threat, with users quickly applying patches when made available. 'Recent campaigns to raise awareness of IT security issues are either having a palpable effect (mainly in the US) or being completely ignored in countries such as China,' he writes.
For 2006, he predicts new viruses able to exploit multiple vulnerabilities, but he expects the main thrust of virus activity to continue to revolve around spamming.
The report was compiled using Kaspersky's global network of 'Smallpots', which are designed to monitor Internet attacks of all types and can record not only the port number but also the actual data sent during the attack.
This, says Raiu, is more accurate than other methods of measuring attacks. 'A lot of the statistics which are made available on the Internet are calculated using reports provided by firewall software, in the form of TCP/IP port numbers which have been blocked,' he says. 'They do not provide an exact picture of what malware has been used and they are not able to differentiate between the various exploits used by hackers to break into remote systems over the Internet.'


