Spam, Worms, And Spyware Flourished In Spring, Says Report

Most businesses consider data security a top priority. Based on a report issued today, there won't be any relief from that focus anytime soon. New security vulnerabilities discovered or reported during the second quarter were 20% higher than those found in the second quarter of last year, according to an SANS Institute report.

According to the SANS report, there were 422 new vulnerabilities, including viruses, spam, worms, and spyware, between April and June. To be considered for the report, vulnerabilities must affect a large number of users; haven't been controlled by patches; and allow computers to be taken over by a remote, unauthorized user. One example is the return of the destructive Sober worm during the quarter.

The report also states that backup and recovery systems, available through companies such as Computer Associates and Veritas, are particularly vulnerable. These systems are the foundation for information availability, and any threat that brings them down could cripple business operations. Backup and recovery products reach all data sources, making them great avenues for hackers. "Backup and recovery is really fertile hunting ground," says Alan Paller, director at the SANS Institute.

Paller thinks root programming education plays a role in vulnerabilities. "There are too many deadlines to get software out, and programmers are never taught how to avoid vulnerabilities," Paller says. He thinks companies will have to be more vigilant about patching. "The ultimate solution is better software engineering," Paller says, "but that's a 10-to-20-year wait."