Category: Statistics

The Computer Virus Prevalence Survey found that last year, almost a third of the hundreds of businesses polled worldwide had suffered a virus “disaster,” defined as 25 or more computers infected by a single virus in the same incident.

The report was released on Friday by the ICSA Labs subsidiary of security firm TruSecure. The survey polled 300 randomly selected companies and found that 92 had had major virus incidents in 2003, up from 80 in the year before. Almost all of the companies surveyed said that at least 90 percent of their desktops have antivirus protection, but still a third of the companies suffered virus disasters.

The servers had to be taken down for an average of 17 hours as a result, the report said.

http://zdnet.com.com/2100-1105_2-5176420.html

Chris Potter, security analyst at PricewaterhouseCoopers, who co-wrote the survey said: “Antivirus software alone is just not enough anymore.”

This is not the first time that signature-based virus protection has been criticised. There will always be victims before there are solutions and fixes. And in the wake of ‘Warhol’ worms – those that have ’15 minutes’ of destructive fame – such reactivity is easily exposed. Potter added: “While almost every UK business has antivirus software in place, the incidence of attack is rising.

Mark Sunner, CTO of MessageLabs, said: “The most effective solution is a proactive and continuously updated managed service that stops known and unknown spam and virus threats at the internet level, before they ever reach corporate networks and end users.”

While some companies surveyed reported little or no damage resulting from an infection, some said an attack had often resulted in very costly remedial work and disruption that ran to more than one month.

http://www.silicon.com/0,39024729,39118937,00.htm

With numerous variants of MyDoom, Doomjuice and NetSky causing havoc over the wires, the shortest month of the year looks set to be one of the largest in terms of virus impact. mi2g reports that 24 hours after MyDoom-F spread across the Internet the website was effectively rendered inaccessible. It also reports that sophisticated hackers are making an international effort to break into infected computers via the ports opened by MyDoom viruses.

More info: http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=54319

“Sarbanes-Oxley is asking companies to make sure they have documenting procedures in place,” said Aberdeen’s Christa Degnan in an interview. “Some respondents indicated that SOX compliance prompted changes in their supply-management strategies and operations, but no corresponding increases in their IT budgets,” she noted. A few respondents, representing about 10 percent of those polled in the survey, said SOX had no impact whatsoever on their supply-chain organizations.

What about the one-third who said SOX will have an impact on their IT and supply-chain operations? Aberdeen found that, of the one-third considering upgrading IT operations to comply with SOX, more than 40 percent were considering beefing-up contract-management and supply-chain analytics functions.

More info: http://www.securitypipeline.com/news/18200145;jsessionid=CQYMSM0OSFI3GQSNDBGCKHQ

The most common vulnerabilities were cross-site scripting (80%), SQL injection (62%) and parameter tampering (60%). While these types of hacking attacks are common, most enterprises have not adequately secured web sites, applications and servers against them.

In 2001, Gartner Group reported that 75% of cyber attacks and Internet security violations are generated through Internet Applications.

The Federal Trade Commission announced in January that Internet-related fraud was the reason for more than 500,000 of consumer complaints filed in 2003, with estimated consumer losses of $200 million in the U.S. alone.

More info: http://www.bankinfosecurity.com/?q=node/view/693

Identity theft was the most prevalent form of fraud reported, representing 42 percent of all complaints.

The report does not attempt to identify how thieves obtained the data needed to steal more than 200,000 consumers’ identities, but security holes and data leaks remained a grim e-commerce reality in 2003.

More info: [url=http://www.theregister.co.uk/content/55/35095.html]http://www.theregister.co.uk/content/55/35095.html[/url]