Security attacks up 80 per cent as worms plague net users

The number of security events detected by companies in the first quarter of 2003 jumped nearly 84 per cent over the preceding three months, according to a report network protection firm Internet Security Systems plans to release on Monday.

The increase in events, which can include minor probes for holes in network security as well as major attacks, stems mainly from an increase in worms and automated attack software, the company said in a summary of the report, which was seen by silicon.com's sister site News.com.

"The large increase in mass mailing, highly persistent worms and [in] security events indicates that this year will be challenging for security officers and administrators around the world," Chris Rouland, director of ISS' research and development team, said in the summary.

The study tallies the network events detected by ISS sensors deployed by some 400 clients around the world and outlines potential malicious online activity from 1 January to 31 March.

That period includes the attack of what many consider to be the first flash worm, an automated attack program that spreads so quickly that the responders can't react fast enough.

The worm, SQL Slammer, infected 200,000 computers running Microsoft's SQL Server software that hadn't had a six-month-old patch applied. The worm is thought to have spread to 90 per cent of all vulnerable servers in the first 10 minutes after it had been released on the internet.

The report found that weekends accounted for only 26 per cent of all events and that Friday was the most active day, with some 2.3 million events, on average, categorised as "anomalous activity".

Such events are not attacks, but mainly - in nearly three-quarters of the cases - suspicious activity. An additional 11 per cent were classified by ISS as unauthorised access attempts. Slammer started spreading late on a Friday night PST.

ISS also found that online vandals are putting more effort into exploiting existing flaws than finding new ones. According to ISS data, 606 vulnerabilities were made public in the first three months of the year, while 752 new threats were identified. The company considers threats to be programs or code that make exploiting vulnerable systems easier.

Hackers are also using unknown flaws to attack systems. In March, the military detected that a previously unknown vulnerability in Microsoft's Windows 2000 operating system was being exploited by online intruders.

Microsoft released a patch for the security hole five days later but the incident acted as a reminder that there are a whole host of security flaws of which companies are not aware.

The report is scheduled to be available from ISS' website on Monday.

Robert Lemos writes for CNET News.com.