From: SecuriTeam [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2003 9:34 AM
To: [EMAIL PROTECTED]
Subject: [NEWS] The Slammer Worm Effect: Why Linux OS is More Attackable than Windows OS
- - - - - - - - -
The Slammer Worm Effect: Why Linux OS is More Attackable than Windows OS
A very interesting analysis of the amount of attacked hosts (Linux vs.
Windows) has been created by Zone-H. It shows that taking into account such
worms as Slammer, reveals that Linux is currently the most attacked host on the
Internet.
The news appeared during the last days in which London based MI2G.com stated
that Linux OS is now more attacked then Windows has been reported by media and
immediately criticized by the IT Security world.
MI2G is basing part of
their research job relying on Zone-H.org databases therefore they based their
last press release using the data Zone-H is sending to all its mail subscribers
regarding the daily attacks.
Using such data MI2G was calculating that
the amount of Linux attacks has stably overcome the Windows attacks.
The
direct result of Zone-H data organized in a chart graphically supporting MI2G
statement is in fact showing that today Linux attacks are as 5 times higher than
the Windows ones.
The
IT Security world has immediately attacked MI2G statement saying that when
counting the attacks MI2G accounted all the mass-defacement (an attack that
while hitting a single IP or host, generates multiple defacements like it
usually happens to big hosting companies) as single hits.
The Itsec
purists argued that the mass-defacements should be accounted instead as 1 single
hit therefore MI2G statement was either premature or inaccurate.
The
only organization that has enough authority to solve the dilemma is Zone-H as
today is holding the most complete database having access to direct statistics.
Therefore, today Zone-H staff started to dig in the archives filtering
out all attacks by SINGLE IP divided into the different OSs.
The results
that came out is clear: Linux is in effect the most attacked Operative System,
and this already since middle March 2003 as you can check by this graph:
The
graph is showing the attacks trend during the last 16 moths.
The graph
shows clearly that one of the most hit OS over the time was Windows (red line).
The interesting fact is that since middle-January 2003 Windows became for some
unknown reasons less attacked (and less attackable) than Linux.
Zone-H
identified the reason of this strange phenomenon in what Zone-H calls the
"Slammerworm effect".
In fact, the Slammer worm ha produced since
December 2002 a spike in the Windows 2000 statistics. Since then, the Slammer
worm threat has been so much covered by the media that companies started to
patch at a speed never seen before. The result of this process is that Windows
OS has instantly become less attractive for crackers.
If we also
consider that the number of the worldwide Windows installations is presumably
higher than the Linux installation it means that a properly weighted analysis
would reveal that the Linux "hacker attractiveness" would be even clearer.
The graph generated from Zone-H databases is also showing other
interesting aspects: the web cracking phenomenon is transforming more and more
into a social problem very much related to political issues.
The
September 11th anniversary and the Iraq war have been the reason why the overall
number of attacks has increased 500%, hitting this year an amount of targets
never seen before.
If anybody before was under evaluating the
web-cracking events, these graphs and numbers should be the reason of paying
more attention to these facts as they are more and more configuring a sociologic
problem.
Additional Information:
The original article can be found
at:
http://www.zone-h.org/winvslinux
The information has been provided by SyS64738 of http://www.zone-h.org/.
================================================================================
This bulletin is sent to members of the SecuriTeam mailing
list.
To unsubscribe from the list, send mail with an empty subject line and
body to: [EMAIL PROTECTED]
In order to subscribe to the mailing list and receive advisories in HTML
format, simply forward this email to: [EMAIL PROTECTED]
================================================================================
================================================================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without
warranty of any kind.
In no event shall we be liable for any damages
whatsoever including direct, indirect, incidental, consequential, loss of
business profits or special damages.
