The security firm's analysis focused on major computer worms between 1999 and 2004, including Melissa, Code Red, Nimda, SQL Slammer, and Sasser.
Worms that required user interaction, such as opening attachments, and remotely controlled "bots" were not included in the trend report in order to focus solely on automated threats, Foundstone said.
The trend puts pressure on IT departments to fix vulnerabilities faster than ever, Stuart McClure, Foundstone president and CTO, said in a prepared statement.
"The window within which the good guys have to work is closing fast," he said.