X hits on this document

PDF document

Symantec enterpriSe Security - page 10 / 97





10 / 97



Symantec Global internet Security threat report

Web-based attacks take on all comers

While targeted attacks frequently use zero-day vulnerabilities and social engineering to compromise enterprise users on a network, similar techniques are also employed to compromise individual users. in the late 1990s and early 2000s, mass-mailing worms were the most common means of malicious code infection. Over the past few years, Web-based attacks have replaced the mass-mailing worm in this position. Attackers may use social engineering—such as in spam messages, as previously mentioned—to lure a user to a website that exploits browser and plug-in vulnerabilities. these attacks are then used to install malicious code or other applications such as rogue security software on the victim’s computer.15

Of the top-attacked vulnerabilities that Symantec observed in 2009, four of the top five being exploited were client-side vulnerabilities that were frequently targeted by Web-based attacks (table 2). two of these vulnerabilities were in Adobe reader, while one was in Microsoft internet Explorer and the fourth was in an ActiveX® control. this shows that while vulnerabilities in other network services are being targeted by attackers, vulnerabilities in Web browsers and associated technologies are favored. this may be because attacks against browsers are typically conducted through the Http protocol that is used for the majority of Web traffic. Since so much legitimate traffic uses this protocol and its associated ports, it can be difficult to detect or block malicious activity using Http.




1 2 3 4 5

36299 Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Remote Code Execution 35759 Adobe Reader and Flash Player Remote Code Execution 33627 Microsoft Internet Explorer 7 Uninitialized Memory Code Execution 35558 Microsoft Windows ‘MPEG2TuneRequest’ ActiveX Control Remote Code Execution 34169 Adobe Reader Collab ‘getIcon()’ JavaScript Method Remote Code Execution

Table 2. Top attacked vulnerabilities, 2009 Source: Symantec

The top Web-based attacks observed in 2009 primarily targeted vulnerabilities in Internet Explorer and applications that process PDF files (table 3). Because these two technologies are widely deployed, it is likely that attackers are targeting them to compromise the largest number of computers possible. As is discussed in the “Web browser vulnerabilities” discussion in this report, Mozilla® Firefox® had the most reported vulnerabilities in 2009, with 169, while internet Explorer had just 45, yet internet Explorer was still the most attacked browser. this shows that attacks on software are not necessarily based on the number of vulnerabilities in a piece of software, but on its market share and the availability of exploit code as well.16

15 16

h t t p : / / e v a l . s y m a n t e c . c o m / m k t g i n f o / e n t e r p r i s e / w h i t e _ p a p e r s / b - s y m c _ r e p o r t _ o n _ r o g u e _ s e c u r i t y _ s o f t w a r e _ W p _ 2 0 1 0 0 3 8 5 . e n - u s http://marketshare.hitslink.com/browser-market-share.aspx?qprid=0 . p d f

Document info
Document views318
Page views318
Page last viewedMon Jan 16 17:56:33 UTC 2017