Network worms can get onto a PC within minutes of connecting to the internet, according to security researchers at the SANS Institute.
The "survival time" for an unpatched PC connected to the internet averaged 20 minutes in 2004, compared to 40 minutes the year before.
Users of broadband, or of poorly secured public networks, would be infected much more quickly, in some cases in under 10 minutes after connecting.
"The main issue here is that the time to download critical patches will exceed this survival time," the researchers said.
Security companies are also monitoring the state of play, and are even more pessimistic. Symantec estimates that it could take seconds rather than minutes to lose control of an unpatched PC.
"The Blaster worm is still the largest source of these sort of attacks," explained Tony Vincent, lead global security architect at Symantec Managed Security Services.
"It's like space junk: everything we've launched from the Earth is still up there in orbit. These attacks are all still out there on the internet due to unpatched servers, and never stop running."
Symantec runs a simulated network that is left poorly protected in order to track the methods used to enter it. The company has found worms written three or four years ago still in circulation.
Once worms infect machines, the host PCs can be used to build networks of zombies that send out spam or launch distributed denial of service attacks against web servers.




