-- Symantec observed that denial-of-service attacks grew from an average of 119 per day to 927 per day during the first half of 2005 -- a 680% increase over the previous reporting period. The most frequently targeted industry was education, followed by small business and financial services.

-- The time between the disclosure of a vulnerability and the release of associated exploit code decreased from 6.4 days to 6.0 days. In addition, an average of 54 days elapsed between the appearance of a vulnerability and the release of an associated patch by the affected vendor. This means that, on average, 48 days elapsed between the release of an exploit and the release of an associated patch; during this time, systems are either vulnerable or administrators are forced to create their own workarounds to protect against exploitation.

-- During the first half of 2005, Symantec documented 1,862 new vulnerabilities -- the highest number ever recorded in the Internet Security Threat Report. 97% of these vulnerabilities were classified as moderate or high in severity, and 59% of all vulnerabilities were found in Web application technologies, marking an increase of 59% over the previous reporting period and a 109% increase over the first six months of 2004.

-- A growing number of Win32 viruses and worm variants were also reported during the first half of 2005. Symantec documented 10,866 new Win32 virus and worm variants, an increase of 48% over the previous reporting period and 142% over the first half of 2004.

-- Adware, spyware, and spam continue to propogate, according to the report. Eight of the top 10 adware programs were installed through Web browsers. Of the top 10 adware programs reported, five hijacked browsers. Six of the top 10 spyware programs were bundled with other programs and six were installed through Web browsers. Symantec also observed that spam made up 61% of all e-mail traffic and that 51% of all spam received worldwide originated in the United States.

-- An analysis of future and emerging trends concluded that an increase in the number of attacks and threats directed at wireless networks is likely. In addition, Voice over Internet protocol (VoIP) threats are expected to emerge as more enterprises merge their data and voice networks.  "Full Article"