No wiggle room: IBM says worm attacks surging

IBM Corp. has reported a recent surge in network attacks against critical infrastructures of government agencies, telecommunications carriers and utilities.

The company's Global Business Security Index, based on data from a half-million monitored devices, counted 997 Internet attacks in September, 27 percent more than in July and August.

"Hackers are able to reverse-engineer newly published security patches and attack an unpatched system in 48 hours," said Stuart McIrvine, recently named IBM's director of security strategy.

McIrvine said the company has been "running this awhile" and is confident of the threat index information. The government risk breakdown is proprietary information. IBM monitors government agencies' networks in 34 countries.

The index, color-coded like the Homeland Security Department's threat levels, called the Sasser and Korgo worms the most common means of attack against the Microsoft Windows operating system's LSASS buffer overrun vulnerability. Other targets, IBM said, were Microsoft Internet Information Server, Apache H

TTP Server and Netscape iPlanet Server.


In contrast, Network Associates Technology Inc.'s McAfee.com site said the latest threats are from W32/Bagle.bb and W32Bagle.bd. Symantec Corp. listed those as well as the Trojan.Ducky.C Trojan horse. The SANS Institute's Internet Storm Center cited an increase in port scanning plus Babel (not Bagle) and Halloween threats.