In its quarterly and year-end Internet Risk Impact Summary Report (IRIS) released Tuesday, Internet Security Systems paints a rather grim picture of the state of Internet security and warns of persistent threats to come from new forms of mass-mailing worms.

While such reports from a company that sells security software and services have to be taken with a grain of salt, the numbers ISS reports are somewhat startling. Overall security incidents rose to 1,867 in the fourth quarter from 1,385 in Q3, a 35% increase.

There was a bit of good news: The company tracked 101 hybrid threats and computer worms in the fourth quarter, down 28% from the previous quarter.

ISS cautions that the attacks it is now finding seem to have longer lifespans that their predecessors. That owes to the nature of hybrid threats, which combine attributes of viruses, worms and Trojans, often causing compromised systems to automatically find and infect other systems.

Over the last two quarters of 2002, ISS also says it saw a "major shift" toward large-scale attacks that target critical systems, such as the attack last October on 13 of the Internet's Domain Name Service (DNS) root servers.

Similarly, the company says it is seeing a rise in the use of multiple hybrid threats against the same vulnerability. ISS further warns that worm writers are more often releasing their source code, enabling other hackers to create variants of their worms. For example, within about 20 days there were four variants of the Linux.Slapper.Worm on the Internet, ISS says.

ISS found 644 new vulnerabilities in the fourth quarter of last year, 347 in commercial software, 297 in open source software. The most common vulnerabilities continue to involve buffer overflows, which can allow unauthorized access to a system.

ISS also notes that 23% of security events in the fourth quarter occurred over a weekend, when organizations typically have reduced staff.

For the early part of 2003, the ISS reports says the greatest threats will come from "new, mass-mailing and highly persistent worms, as well as the rising focus on hacktivism." Increasing use of consumer broadband connections as well as wireless LANs will also serve as sources of exploitation, ISS warns.

The full IRIS report is available here as a PDF file.