X-Force Reports Assault on Web Browsers

February 13, 2008: IBM’s X-Force division has released its latest security report, which shows a rise in the sophistication of attacks, with a surprising fall in the average message size of spam.

Web browsers have been declared under siege by X-Force’s Security report, with Firefox vastly outperforming Internet Explorer but both of the main browser choices seeing an increase in critical vulnerabilities over the previous year.

“Never before have such aggressive measures been sustained by Internet attackers towards infection, propagation and security evasion. While computer security professionals can claim some victories, attackers are adapting their approaches and continuing to have an impact on users’ experiences,” said Kris Lamb, operations manager, X-Force Research and Development for IBM Internet Security Systems.

The X-Force report draws attention to the infamous Storm Botnet, which is a network of infected computers being operated without their owners knowledge and in massive numbers. Lamb believes that Storm provides a microcosm of the kinds of threats users faced in 2007.

“All in all, the exploits used to spread Storm Worm are a blend of the various threats tracked by X-Force, including spam, phishing and drive-by-downloads by way of Web browser exploitation.”

It isn’t all doom and gloom though, as X-Force reports that the size of spam emails has been on a rapid decrease, dropping to levels not seen since 2005. This positive step has been attributed to the efficient methods of combating image-based spam which is forcing malicious users to resort to other means.

Comment on this story.