X-Force 2008 Mid-Year Trend Statistics

X-Force Trend Statistics Report
The X-Force produces the X-Force Trend Statistics report twice per year, once at the end of each year and once at mid-year. These reports provide statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. The information in this report is for customers, fellow researchers, and the public at large and is intended to help others understand the changing nature of the threat landscape and what might be done to mitigate it.

About the X-Force
The X-Force research and development teams research and monitor the latest threat trends, develop and deliver security content to IBM ISS customers, and help advise customers and the general public on how to respond to emerging and critical threats.

Latest Report
In addition to standard vulnerability, malware, spam, phishing, and web threat statistics, the 2008 Mid-Year Report features the following special topics:

• Web application vulnerabilities – the majority of disclosed vulnerabilities are related to web applications. SQL injection vulnerabilities and public attacks on them are on the rise.
• Browser threats – Public exploitation of desktops and other endpoints have moved from the operating system to the browser, with browser plug-ins the most heavily targeted of all.
• Public Exploits and Vulnerability Disclosures – With the proliferation of exploit toolkits that allow attackers to quickly integrate new exploit code as it is published, it may be time for the security industry to rethink their stance on the public disclosure of exploit code.
• Simply Spam – "Complex" spam (spam using images, PDFs, or complex text/HTML) is being replaced by a simpler type of spam that may be more effective at fooling spam filters and users alike.

View the complete report (3455KB)