IBM has released a report on Internet crime in 2007 here
<http://www.iss.net/documents/whitepapers/xforce_2007_annual_report.pdf>

Some highlights from the Management summary with my comments in
[square brackets]:

Vulnerabilities

* Although total vulnerability disclosures went down, the number of
  reported high severity vulnerabilities increased by 28 percent in
  comparison with 2006.
* The busiest day of the week for vulnerability disclosures continued
  to be Tuesday, with 1,361 new vulnerabilities disclosed on this day
  of the week in 2007.
* Of all the vulnerabilities disclosed in 2007, only 50 percent can be
  corrected through vendor patches.
  [suggests that ISPs need to be proactive about detecting and blocking
  compromised machines]
* Nearly 90 percent of 2007 vulnerabilities could be remotely
  exploited, up one percentage point from 2006.

Web Browser Exploitation

* Most in-the-wild browser exploits are generated by Web exploit
  toolkits.
* Critical vulnerabilities for Mozilla Firefox were dramatically lower
  in 2007 compared to 2006.
  [If you still distribute any kind of software kits that do not
  install Firefox, you are doing your customers a disservice and making
  your detection and blocking task that much bigger. When you contact
  customers with compromised machines you might want to make it
  mandatory to install Firefox from your servers before re-enabling
  Internet access]

Spam and Phishing

* Of the top 20 companies targeted by phishing in 2007, 19 are in the
  banking industry and one conducts recruiting.
  [This suggests keywords to look for in incoming email. Also, for
  local and regional ISPs, the number of companies in these two
  industries is low enough that you may want to consider establishing a
  direct relationship with them to configure stricter incoming email
  filters]

Web Content

* 9 percent of Internet content was classified as unwanted (criminal,
  pornography, etc) as compared to 12.5 percent in 2006.
* The U.S. far outpaces other countries as the primary hosting source
  of adult, socially deviant and criminal content on the Internet,
  accounting for roughly 40-48 percent in each content category.
* The U.S. and Germany were the only two countries consistently among
  the top three hosting sources for each type of "unwanted" Internet
  content monitored throughout 2007.
  [Suggests that NANOG members need to raise the bar considerably to
  clean up their own backyard. What do you know about your own Internet
  peering partners?]

Malcode

* Trojans represent the largest category of malware in 2007 - 109,246
  varieties account for 26 percent of all malware.
* The most frequently occurring malware on the Internet was
  Trojan.Win32.Agent - 26,573 varieties in 2007 account for 24 percent
  of all Trojans.
* The most common worm in 2007 was Net-Worm.Win32.Allaple with 21,254
  varieties. It is a family of polymorphic worm that propagates by
  exploiting Windows(r) vulnerabilities instead of using e-mail.
  [This suggests that targeting these specific attack vectors could
  clean up a significant amount of the problem and correspondingly
  reduce your costs for detection and blocking of compromised machines.]

Make sure to download the report for the complete management summary
and many more details.

-------------------------------------------------------
Michael Dillon
RadianzNet Capacity Forecast & Plan -- BT Design
66 Prescot St., London, E1 8HG, UK
Mobile: +44 7900 823 672
Internet: michael.dillon@bt.com
Phone: +44 20 7650 9493
Fax: +44 20 7650 9030
http://www.btradianz.com
Use the wiki: http://collaborate.intra.bt.com/