Vulnerabilities falling but malware booms

Malicious links have risen over 500 per cent this year

The latest half-year survey of the computer security landscape by the Internet Security Systems (ISS) X-Force team has shown that the number of new vulnerabilities found in software is falling, but that other threats are looming large.

The team reported a reduction in the number of new vulnerabilities, and said that solid work had been done to clear web applications and ActiveX control vulnerabilities in particular.

"I wish I could say that we could all rest a little easier knowing that fewer vulnerabilities were discovered in the first half of this year in comparison to more recent years," said Holly Stewart, X-Force threat manager.

"However, this lull is most likely representative of a tapping out of low-hanging fruit in the areas in which we have seen a decline. As new areas of research open up, or new tools emerge that make research and vulnerability discovery easier, we will see another uptick in the disclosure rate."

Sun Solaris was top of the list for vulnerabilities in operating systems, which the X-Force team attributed to a change in disclosure policy, while Apple and Linux are still ahead of Microsoft.

However, this covers all possible vulnerabilities, and Microsoft would be at the top of the list if only serious vulnerabilities were included.

Online criminals are increasingly moving to new techniques such as obfuscation, according to the report. This involves scrambling the malware code embedded in web pages to evade security software, and letting the browser recompile it.

In the second quarter of the year the team saw obfuscation attacks rising at their fastest ever rate, at over five million examples found.

The team reported malicious links up 508 per cent, with a large increase in the number of Trojans, which made up 55 per cent of all malware.