Symantec Global internet Security threat report
Web-based attacks take on all comers
While targeted attacks frequently use zero-day vulnerabilities and social engineering to compromise enterprise users on a network, similar techniques are also employed to compromise individual users. in the late 1990s and early 2000s, mass-mailing worms were the most common means of malicious code infection. Over the past few years, Web-based attacks have replaced the mass-mailing worm in this position. Attackers may use social engineering—such as in spam messages, as previously mentioned—to lure a user to a website that exploits browser and plug-in vulnerabilities. these attacks are then used to install malicious code or other applications such as rogue security software on the victim’s computer.15
Of the top-attacked vulnerabilities that Symantec observed in 2009, four of the top five being exploited were client-side vulnerabilities that were frequently targeted by Web-based attacks (table 2). two of these vulnerabilities were in Adobe reader, while one was in Microsoft internet Explorer and the fourth was in an ActiveX® control. this shows that while vulnerabilities in other network services are being targeted by attackers, vulnerabilities in Web browsers and associated technologies are favored. this may be because attacks against browsers are typically conducted through the Http protocol that is used for the majority of Web traffic. Since so much legitimate traffic uses this protocol and its associated ports, it can be difficult to detect or block malicious activity using Http.
1 2 3 4 5
Table 2. Top attacked vulnerabilities, 2009 Source: Symantec
The top Web-based attacks observed in 2009 primarily targeted vulnerabilities in Internet Explorer and applications that process PDF files (table 3). Because these two technologies are widely deployed, it is likely that attackers are targeting them to compromise the largest number of computers possible. As is discussed in the “Web browser vulnerabilities” discussion in this report, Mozilla® Firefox® had the most reported vulnerabilities in 2009, with 169, while internet Explorer had just 45, yet internet Explorer was still the most attacked browser. this shows that attacks on software are not necessarily based on the number of vulnerabilities in a piece of software, but on its market share and the availability of exploit code as well.16
h t t p : / / e v a l . s y m a n t e c . c o m / m k t g i n f o / e n t e r p r i s e / w h i t e _ p a p e r s / b - s y m c _ r e p o r t _ o n _ r o g u e _ s e c u r i t y _ s o f t w a r e _ W p _ 2 0 1 0 0 3 8 5 . e n - u s http://marketshare.hitslink.com/browser-market-share.aspx?qprid=0 . p d f