• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Decline In Vulnerabilities Belies Threat Increase, Microsoft Says in New Security Report

    April 29, 2008 Alex Woodie

    Despite a 15 percent decline in new security vulnerability disclosures during the second half of 2007, cybercriminals continued to successfully mine the Internet for profit, primarily by planting Trojan horses and other pieces of malicious code that steal people’s identities and perform other works of unpleasantness. These are the conclusions of Microsoft‘s latest Security Intelligence Report (SIR), which it released at the Infosecurity Europe 2008 conference in London yesterday.

    Since late 2006, Microsoft has been collecting security-related data it pulls from 450 million computers around the world–perhaps yours–and compiling it into a comprehensive view of IT security, with a concentration on software vulnerabilities, exploits, malicious code, and another category called “potentially unwanted software.”

    From July through December 2007, Microsoft witnessed a sudden turnaround in the prevalence of new security vulnerabilities, (per the Common Vulnerability Scoring System (CVSS) method. After several years of increasing vulnerabilities, the number of new vulnerabilities suddenly dropped by 15 percent from the year before to 2005 levels, leaving 2006 to likely be the high-water mark for vulnerabilities during the current Internet epoch. Those findings largely mesh with the findings of another security report issued by IBM‘s Internet Security Systems‘ Team X-Force, which found a 5 percent decline in vulnerabilities in 2007.

    However, even as vulnerabilities in system and application software declines, Microsoft’s security researchers found the prevalence of malware and cybercrime increased during the second part of 2007. The number of Trojan downloaders–pieces of malware that are planted on Web pages or in e-mail messages that allow hackers to surreptitiously install other, more sophisticated pieces of malware on victims’ computers–increased by 300 percent.

    Microsoft also reports that it found a 66.7 percent increase in the number of potentially unwanted software, which Microsoft defines as programs that may impact user privacy or security by performing actions the person may not want. A total of 129.5 million pieces of potentially unwanted software were found on users’ systems during scans from July to December.

    Financial gain by organized crime is driving the latest increase in security concerns, according to Microsoft. “This latest volume supports our position that today’s threats continue to be motivated by monetary gain, and it also gives us a solid view of vulnerability and exploit trends,” says Vinny Gullotto, general manager of the Microsoft malware protection center.

    These criminal organizations are becoming more sophisticated in their use of infected networks of computers, called botnets, and the spam e-mail that these computers generate to try to lure new victims to malicious Web sites, which is also called phishing. Microsoft noted the botnet handlers have become quite adept at adapting their spam pitches to play on basic human instincts like fear, guilt, desire, empathy, and sex, as well as current events. For example, the Storm botnet, perhaps the most infamous malicious network, got its name from an e-mail subject line used as it ramped up its campaign in January 2007: “230 dead as storm batters Europe.” Click on the link, however, and your computer becomes just another drone in the botnet army.

    In the end, Microsoft’s findings highlight the need for more security education. These include the basic “duh” activities: activate a firewall, install and update antivirus and anti-malware software, and don’t click on suspicious e-mail subject lines.

    In the data center, good security practices means something else. While vulnerabilities, exploits, and compromises gain headlines, only a quarter of security breaches are due to exploits, malware, and hacking. The vast majority of breaches are the result of the absence or failure of proper information handling or physical security procedures, such as lost or stolen laptops or backup tapes. For data center personnel, better security policies and encryption are the keys to better security.

    RELATED STORIES

    Surf’s Up for Web-Based Organized Crime, IBM X-Force Says

    Bleak Outlook for Information Security, According to Researchers

    In Search Of a More Secure Internet

    Security Attacks and Breaches on the Rise

    MPack Hacker Tool Claims 10,000 Compromised Web Sites



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    DRV Tech

    Get More Out of Your IBM i

    With soaring costs, operational data is more critical than ever. IBM shops need faster, easier ways to distribute IBM applications-based data to users more efficiently, no matter where they are.

    The Problem:

    For Users, IBM Data Can Be Difficult to Get To

    IBM Applications generate reports as spooled files, originally designed to be printed. Often those reports are packed together with so much data it makes them difficult to read. Add to that hardcopy is a pain to distribute. User-friendly formats like Excel and PDF are better, offering sorting, searching, and easy portability but getting IBM reports into these formats can be tricky without the right tools.

    The Solution:

    IBM i Reports can easily be converted to easy to read and share formats like Excel and PDF and Delivered by Email

    Converting IBM i, iSeries, and AS400 reports into Excel and PDF is now a lot easier with SpoolFlex software by DRV Tech.  If you or your users are still doing this manually, think how much time is wasted dragging and reformatting to make a report readable. How much time would be saved if they were automatically formatted correctly and delivered to one or multiple recipients.

    SpoolFlex converts spooled files to Excel and PDF, automatically emailing them, and saving copies to network shared folders. SpoolFlex converts complex reports to Excel, removing unwanted headers, splitting large reports out for individual recipients, and delivering to users whether they are at the office or working from home.

    Watch our 2-minute video and see DRV’s powerful SpoolFlex software can solve your file conversion challenges.

    Watch Video

    DRV Tech

    www.drvtech.com

    866.378.3366

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    ARCAD Software:  Register now for May 21 Practical Test Automation Webinar
    LANSA:  It's Time for 4 days of education at the LANSA User Conference, May 4 – 7, in Orlando
    Vision Solutions:  A Rewind Button for i5 Data? Read the Whitepaper

    IT Jungle Store Top Book Picks

    Easy Steps to Internet Programming for AS/400, iSeries, and System i: List Price, $49.95
    Getting Started with PHP for i5/OS: List Price, $59.95
    The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
    The System i Pocket RPG & RPG IV Guide: List Price, $69.95
    The iSeries Pocket Database Guide: List Price, $59.00
    The iSeries Pocket Developers' Guide: List Price, $59.00
    The iSeries Pocket SQL Guide: List Price, $59.00
    The iSeries Pocket Query Guide: List Price, $49.00
    The iSeries Pocket WebFacing Primer: List Price, $39.00
    Migrating to WebSphere Express for iSeries: List Price, $49.00
    iSeries Express Web Implementer's Guide: List Price, $59.00
    Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
    Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
    Getting Started with WebSphere Express for iSeries: List Price, $49.00
    WebFacing Application Design and Development Guide: List Price, $55.00
    Can the AS/400 Survive IBM?: List Price, $49.00
    The All-Everything Machine: List Price, $29.95
    Chip Wars: List Price, $29.95

    Gartner Says CRM and Security Software Markets Will Grow Multiformat SQL Data Sets

    Leave a Reply Cancel reply

Volume 8, Number 17 -- April 29, 2008
THIS ISSUE SPONSORED BY:

Bytware
looksoftware
Solidcore
Cosyn
Guild Companies

Table of Contents

  • Vision Moves Product and Business Plans Forward
  • CYBRA Goes for i’s Funny Bone with 2K, the 2,000 Year Old Programmer
  • Virtual Server Sprawl Reeled In with Tideway Foundation 7.1
  • Aldon’s Lifecycle Management Suite Ready for RDi
  • Varsity Debuts Preconfigured Shipping Software for JDE World
  • VAI Hooks Into UPS Delivery Route Planning Software
  • Sage Adds CRM to Accpac ERP Suite
  • Australian Importer Standardizes on Lawson M3
  • Bally Technologies Bets on Quadrant for Document Management
  • Decline In Vulnerabilities Belies Threat Increase, Microsoft Says in New Security Report

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Meet The Next Gen Of IBMers Helping To Build IBM i
  • Looks Like IBM Is Building A Linux-Like PASE For IBM i After All
  • Will Independent IBM i Clouds Survive PowerVS?
  • Now, IBM Is Jacking Up Hardware Maintenance Prices
  • IBM i PTF Guide, Volume 27, Number 24
  • Big Blue Raises IBM i License Transfer Fees, Other Prices
  • Keep The IBM i Youth Movement Going With More Training, Better Tools
  • Remain Begins Migrating DevOps Tools To VS Code
  • IBM Readies LTO-10 Tape Drives And Libraries
  • IBM i PTF Guide, Volume 27, Number 23

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle