IBM Internet Security Systems X-Force® 2006 Trend Statistics

2006 End-of-the-Year Highlights

Vulnerabilities

  • There were a total of 7,247 vulnerabilities in 2006, which represents a 39.5 percent increase over 2005.
  • June was the busiest month of the year with 696 vulnerabilities.
  • Week 46 (the week before Thanksgiving) was the busiest week of 2006 for new vulnerabilities.
  • The most popular day for vulnerability disclosures was Tuesday.
  • Weekend disclosure of vulnerabilities in 2006 more than doubled that of 2005 to reach 17.6 percent of all disclosures.
  • “High impact” vulnerabilities continue to decrease as a percentage of total vulnerabilities in 2006.
  • 3 percent of vulnerabilities under the Common Vulnerability Scoring System (CVSS) were evaluated as being “critical impact” vulnerabilities with a score of 10.
  • The top three vulnerable vendors in 2006 were Microsoft, Oracle and Apple.
  • The top 10 vulnerable software vendors accounted for 14 percent of all 2006 vulnerabilities.
  • 17 percent of the vulnerabilities identified within the top 10 vulnerable vendors’ products were un-patched at the end of 2006. This contrasts with 65 percent un-patched for all other vulnerabilities recorded in the year.
  • 88.4 percent of all 2006 vulnerabilities could be exploited remotely.
  • Over half (50.6 percent) of 2006 vulnerabilities would allow an attacker to gain access to the host after successful exploitation.


Spam and Phishing

  • The U.S., Spain and France are the three largest originators of spam worldwide.
  • The U.S. and China each host more than one-third of the world’s destination Web sites referenced in spam messages.
  • More than 90 percent of spam messages now use HTML to present message content.
  • More than 60 percent of spam messages are sent directly to the recipient’s mail server – without passing through any intermediary relay agents.
  • 92.99 percent of spam messages are written in English, with German being the next most popular language.
  • South Korea is the largest source of phishing e-mails, accounting for 16.33 percent.
  • More than half (55.78 percent) of the world’s phishing attacks have fake Web sites hosted in the U.S.
  • U.S.-based businesses are the organizations most targeted by phishing e-mails, accounting for 71.37 percent of all phishing e-mail.
  • More than 95 percent of phishing e-mails rely upon HTML delivery.
  • Image-based spam has increased linearly since 2005, and accounted for more than 40 percent of spam messages by the end of 2006.


Web Content

  • 12.5 percent of Internet Web sites host “unwanted” content such as pornography, violence and crime, etc.
  • Web sites that host pornographic or sex-related content account for 12.03 percent of the Internet.
  • “Unwanted” content rose by between 9 and 14 percent in 2006 (depending on Web content).
  • The U.S. is the top hosting country for “unwanted” content such as violence and crime, pornography and sex, computer crime, and illegal drugs.


Malcode

  • The largest threat category of malware in 2006 was Downloaders (68,620 varieties in 2006), accounting for 22 percent of all malware.
  • The most frequently occurring malware on the Internet was Trojan-Downloader.Win32.Zlob.
  • The most common worm in 2006 was Email-Worm.Win32.Luder, and the most successful family of network propagating worms was New-Worm.Win32.Mytob.


Web Browser Exploitation

  • The most popular exploit used on the Internet to infect Web browsers with malware was Microsoft’s MS-ITS vulnerability (MS04-013).
  • Approximately 50 percent of Web sites hosting exploit material designed to infect Web browsers now obfuscate their attack, with approximately 30 percent encrypting their payload.

For more information please visit http://www.iss.net/documents/whitepapers/X_Force_Exec_Brief.pdf
