Internet Security Systems’ X-Force Releases Internet Risk Impact Summary Report for Q4 2002 and Year-end

ATLANTA, Ga. — January 7, 2003 — Internet Security Systems, Inc. (ISS) (Nasdaq: ISSX), today released its Internet Risk Impact Summary Report (IRIS) for the fourth quarter and year-end of 2002, which reveals that 101 hybrid threats and computer worms were tracked during the fourth quarter, in addition to the 393 tracked in the prior three quarters. Although the fourth quarter represents a 28 percent decrease in the number of threats between Q3 and Q4, it establishes important new data on the long-lasting effects of this year’s computer attacks.

ISS X-Force has conducted research on the shifting nature of computer attacks this year, specifically the propagation and extended lifespan of computer worms and vulnerability exploitation. This research has provided deeper insights into what X-Force is calling the Compound Risk Factor (CRF), which recognizes the underlying threat created by computer attacks that continue to surface long after discovery or outbreak.

“As we study the threat spectrum and monitor attack activity on a global basis from day-to-day and year-to-year, we can determine that the Internet risk for 2003 will continue to rise. Over the last two quarters, we saw a major shift toward computer attacks that no longer target a single point, but are characterized by large-scale attacks affecting critical systems. This, combined with the lack of the latest threat protection solutions and education within corporate, government and home user environments, continues to allow worms and other hybrid threats to propagate and extend their lifespan,” said Chris Rouland, director of Internet Security Systems’ X-Force security research and knowledge services organization.

The Compound Risk Factor was observed through several reoccurring activities including:
Hybrid threats with massive distribution capabilities continuing to propagate with an extended lifespan.
Multiple hybrid threats released to attack the same vulnerability. This is in contrast to the past, where multiple exploits usually attacked different vulnerabilities.
Worm writers releasing the source code for their creations with greater frequency, enabling the rapid development of variants by other members of the hacking underground. For example, there were four variants of Linux.Slapper.Worm on the Internet in approximately 20 days.

Exploits developed and released are focusing more on critical systems, and are capable of inflicting greater damage than those released several years ago. For example, the attack on thirteen Domain Name Service (DNS) “root” servers on October 23, 2002 had the potential to shut down a large amount of Internet traffic.

The report also introduces a new section called Homeland Security, which explores the growing number of politically-motivated attacks known as Hacktivism, occurring in rising numbers worldwide over the past year.

Internet Security Systems’ IRIS is the only quarterly report to provide cyber attack trends based on factors such as the industry’s largest number of monitored security devices, actual attacks detected and researched vulnerabilities.

Additional Highlights and Report Findings
Daily Security Events: 23 percent of security events occurred over weekends in the fourth quarter, when network administration centers typically operate with a reduced staff. Friday showed the highest rate of security events throughout the quarter, registering an average 188,090. See page three in the IRIS report for additional days.

Vulnerabilities: ISS added 644 new vulnerabilities to the X-Force Database, broken into risk levels as follows: 179 High, 327 Medium and 138 Low. The most common of these vulnerabilities continues to involve buffer overflows that can be exploited for unauthorized access. High security issues are those that allow immediate remote or local access, or immediate execution of code or commands with unauthorized privileges. Examples are most buffer overflows, backdoors, default or no password, and bypassing security on firewalls or other network components. In Q4 2002, there were 347 recorded vulnerabilities in commercial software as compared to 291 recorded vulnerabilities in open source software packages, which includes Linux, open/free/net BSD’s and open source cgi and php scripts.

AlertCon Risk Levels: During the fourth quarter of 2002, ISS observed 79 days at AlertCon 1, 16 days at AlertCon 2, and no days at AlertCon 3 or AlertCon 4, which is dedicated for the most severe attacks. The X-Force moved to AlertCon 2 during the propagation of BugBear and Opserv worms; discovery of multiple remote vulnerabilities in BIND4 and BIND8; and discovery of a vulnerability in the Sun Microsystems implementation of the X Window Font Service (XFS).

The complete Q4 2002 Internet Risk Impact Summary Report is available for free download on Internet Security Systems’ Web site at For a white paper on hybrid threats, please go to

X-Force Internet Risk Impact Summary Report Methodology
Developed by the X-Force, Internet Security Systems’ world-leading security research organization and core protection knowledge base, each IRIS report includes statistical data and trend analysis derived from examining approximately 10 million security events from 400 network and server-based intrusion detection sensors. This data was gathered on a 24/7 basis from September 28 to December 31, 2002. The sample is international from four continents and represents all major industries including banking/insurance, telecommunications, manufacturing/retail/food, entertainment, healthcare, government, utilities, transportation/aviation, and information technology. In operation since 2001, Internet Security Systems’ X-Force Global Threat Operations Center (GTOC) based in Atlanta analyzes the security data for this report gathered from ISS’ five security operations centers (SOCs) located around the world. The IRIS report also includes X-Force laboratory research, and industry information gathered from interaction with top government, industry, and academic sources to detail the most accurate and holistic Internet threat assessment in the industry.

About Internet Security Systems’ X-Force Protection Services
Internet Security Systems’ X-Force is a world-leading organization of security experts dedicated to researching, alerting and educating customers, partners and the public on the state of global Internet threats and attacks. The X-Force identifies, assesses, and measures the severity of Internet threats and vulnerabilities and monitors security incidents through its leading managed security services. X-Force Protection Services also includes Internet Security Systems’ consulting and professional services offerings – security assessments, penetration testing and emergency response services. X-Force findings accompanied by technical recommendations and protection strategies as well as other industry alerts and advisories are available through Internet Security Systems’ online security center (

Located at Internet Security Systems’ headquarters in Atlanta, the Internet Security Systems X-Force Global Threat Operations Center (GTOC) globally coordinates security threat data, and disseminates critical countermeasure intelligence worldwide. The GTOC hosts the Internet Security Systems Atlanta Security Operations Center, providing 24/7 security monitoring and management. The X-Force Daily AlertCon, a measure of the current and forecasted Internet threats, is available on the ISS web site Determined by the X-Force, the AlertCon level (1-4) provides a real-time indication of the Internet threat environment. The daily AlertCon level allows a customer to quickly determine the prevailing Internet threat condition and review critical security details.

About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) (Nasdaq: ISSX) is a world leader in software and services that protect critical information assets from an ever-changing spectrum of threats and misuse. Software from Internet Security Systems dynamically detects, prevents and responds to sophisticated threats to networks, servers and desktops. Services include 24/7 system monitoring, emergency response and access to the X-Force, Internet Security Systems’ renowned research and development team. Internet Security Systems is the trusted security provider for more than 10,000 corporate customers, including all of the Fortune 50, the top 10 largest U.S. securities firms, 10 of the world’s largest telecommunications companies and major agencies and departments within U.S. local, state and federal governments. Headquartered in Atlanta, GA, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at or call 888-901-7477.


Internet Security Systems, X-Force and AlertCon are trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.

Don't miss