Worms overtake DoS as top attacks in 2002

The Internet has become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems, which released its security incident figures for the first quarter of 2002 Wednesday.

The Sept. 11 terrorist attacks on the U.S. have not prompted any obvious cyberattacks, ISS concluded.

Overall Internet security has been hampered by a steady tide of denial of service (DoS) attacks, as well as the rise of hybrid attacks -- attack tools that spread through multiple means, such as the Web, e-mail, file sharing and instant messaging, ISS wrote. Worms such as Code Red and Nimda are leading examples of hybrid threats, though there have since been a number of others.

"Internet risk will continue to increase as long as fundamental Internet risk factors are not lessened in some way," ISS wrote. "Attacks are now global in scope and round-the-clock in incidence."

"There's no such thing as a low threat (level) on the Internet," said Dennis Treece, director of the X-Force Special Operations Group at ISS in Atlanta. "If you're going to connect to it, you better have a suit of armor."

The company compiled its data from more than 350 high-volume intrusion detection sensors managed by the company around the world.

One major risk factor that will be difficult to address is the way the majority of attacks are being perpetrated. The vast majority of attacks in the first quarter of 2002, nearly 70 percent, were launched on server port 80, the same port that Web traffic flows on, ISS said. This poses a particular problem because curtailing access to port 80 would also negatively affect Web traffic, the company wrote.

However, companies can take steps to reduce their vulnerabilities over port 80, including turning off unused services, such as Web server software on a file server, ISS wrote.

"Since almost 70 percent of malicious activity occurs as a result of entry through port 80, it is obvious and imperative that firewalls should be augmented with additional intrusion and defense technology, since firewalls cannot prevent this form of unauthorized access in their own right," the company wrote.

Further underscoring the danger lurking on port 80, DoS attacks, hybrid threats and port scans, all usually conducted over port 80, made up more than 80 percent of all attacks in the quarter, ISS wrote. DoS attacks are those in which applications or servers are flooded with traffic in order to deny access to legitimate users and are growing in number, though their growth rate has been dwarfed by that of hybrid threats and port scans, ISS said.

Port scanning is a common activity engaged in by attackers before an attack is launched and is designed to discover details and vulnerabilities about networks.

The volume of attacks against port 80 is "troubling because it's the wide-open door," Treece said. Many businesses that lack IT expertise have seen firewalls as silver bullets in the past because of their ability to block traffic, but as most firewalls allow connections on port 80, this data shows that firewalls are being marginalized, he said.

The Nimda worm, which infected hundreds of thousands of computers in September 2001, is still widespread on the Internet, ISS wrote, despite there being a patch available from Microsoft to block it. Nimda is "a dominant, expensive and enduring threat," ISS concluded.

Despite multiple warnings on the potential for cyberterrorist attacks after Sept. 11, ISS did not see any indications of such attacks.

"The events of 9/11 had no apparent effect on malicious Internet activity, but interest in security was up. Thus far, there have been no cyber attacks that we can relate directly to the physical attacks of 9/11," the company wrote.

The Internet has not been attacked by terrorists because they "want to make use of the Internet, they don't want to hurt it," Treece said.

ISS also counted 537 new security vulnerabilities in software for the quarter. Security vulnerabilities, and slowness to apply patches to fix those holes, have resulted in a number of serious security incidents, including the Code Red and Nimda worms.

"The software community, including developers, vendors and users, is beginning to raise the profile of security within the development process. Improvements, however, will take time," ISS said. "As a result, the medium- and long-term risk assessment for the Internet remains significantly less than optimistic, with hybrid threats continuing as the most dangerous form of attack."

ISS's full report can be found online at https://gtoc.iss.net/documents/summaryreport.pdf

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sam Costello

Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?