The Slammerworm effect

GovernmentSecurity.org > System Security > Trojan & Virus Errata

ComSec

Jun 6 2003, 03:52 PM

The Slammerworm effect: why surprisingly Linux OS became more attackable than Windows OS

Zone-H confirms more Linux boxes being hacked than Windows
06-06-2003 08:29:27 AM CST -- SyS63478 www.zone-h.org admin

The news appeared during the last days in which London based MI2G.com stated that Linux OS is now more attacked then Windows has been reported by media and immediately criticized by the IT Security world. MI2G is basing part of their research job relying on Zone-H.org databases therefore they based their last press release using the data Zone-H is sending to all its mail subscribers regarding the daily attacks. Using such data MI2G was calculating that the amount of Linux attacks has stably overcome the Windows attacks. The direct result of Zone-H data organized in a chart graphically supporting MI2G statement is in fact showing that today Linux attacks are as 5 times higher than the Windows ones.

The IT Security world has immediately attacked MI2G statement saying that when counting the attacks MI2G accounted all the mass-defacement (an attack that while hitting a single IP or host, generates multiple defacements like it usually happens to big hosting companies) as single hits. The Itsec purists argued that the mass-defacements should be accounted instead as 1 single hit therefore MI2G statement was either premature or inaccurate. The only organization that has enough authority to solve the dilemma is Zone-H as today is holding the most complete database having access to direct statistics. So, today Zone-H staff started to dig in the archives filtering out all attacks by SINGLE IP divided into the different OSs. The results that came out is clear: Linux is in effect the most attacked Operative System, and this already since middle January 2003 as you can check by this graph

The graph is showing the attacks trend during the last 16 moths. The graph shows clearly that one of the most hit OS over the time was Windows (red line). The interesting fact is that for some reasons since middle-January 2003 Windows became for some unknown reasons less attacked (and less attackable) than Linux. Zone-H identified the reason of this strange phenomenon tin what Zone-H calls the ?Slammerworm effect?.

In fact the Slammer worm ha produced since December 2002 a spike in the Windows 2000 statistics. Since then, the Slammer worm threat has been so much covered by the media that companies started to patch at a speed never seen before. The result of this process is that Windows OS has instantly become less attractive for crackers.

If we also consider that the number of the worldwide Windows installations is presumably higher than the Linux installation it means that a properly weighted analysis would reveal that the Linux ?hacker attractiveness? would be even sharp .

The graph generated from Zone-H databases is also showing other interesting aspects: the web cracking phenomenon is transforming more and more into a social problem very much related to political issues. The September 11th anniversary and the Iraq war have been the reason why the overall number of attacks has increased 500%, hitting this year an amount of targets never seen before. If anybody before was under evaluating the web-cracking events, these graphs and numbers should be the reason of paying more attention to these facts as they are more and more configuring a sociologic problem.

The moral of this is: whatever is your personal attitude toward Linux or WIndows, raw numbers are showing that a Linux hosted company has today more chances to be attacked then if they where hosted on Windows... until the next outrageously exploited vulnerability.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.