An increasing number of worms and viruses are blended threats — giving malicious code more ways to get into office networks and more ways to damage them, according to a new study from Symantec Corp.
The report also shows that the number of vulnerabilities has leveled off over the past year. That sounds like good news, until you learn that it's leveled off at about seven software security flaws discovered daily, adding up to over 2,600 new vulnerabilities a year.
"That's a lot. That's really bad news," says Tony Vincent, lead global security architect for Symantec. "I think we're seeing a lot of damage because of the number of vulnerabilities, the number of blended threats, and because the virus writers are targeting bigger things."
Vincent says the most surprising part of the company's biannual Internet Security Threat Report is the rising incidence of blended threats. These worms have several different ways of propagating across a network: They may combine mass-mailing mechanisms with the ability to seek out "backdoors" left open by previous viruses, and the ability to seek out software vulnerabilities to exploit. Once they're in a machine, they have multiple means of causing trouble: leaving a backdoor or Trojan, deleting information, or culling e-mail addresses from the computer's hard drive.
