X hits on this document

PDF document

Symantec enterpriSe Security - page 24 / 97





24 / 97


Symantec Global internet Security threat report

An attacker can exploit this vulnerability by enticing a victim to open a malicious Web page. A successful attack will allow an attacker to execute remote code on a victim’s computer. this vulnerability may be appealing to attackers because, rather than relying on a plug-in that may or may not be installed on a target computer, it relies only on the use of a version of a popular browser, thereby increasing the number of potential victims.53

Vulnerabilities such as those in the top 10 for 2009 continue to generate a large amount of observed attack activity because they can be reliably exploited on systems that are not routinely kept up to date. this makes these vulnerabilities prime candidates for automation. Despite the fact that fixes are available, as mentioned, it is likely that there are still enough unpatched systems in existence that these attacks continue to enjoy success. When attacks prove successful, they are often adopted by attack toolkits. this can cumulatively create a large amount of observed attack activity. it is also likely that older malicious code variants continue to attempt to automatically exploit these vulnerabilities as a means of propagation.

Countries of origin for Web-based attacks

this metric will assess the top countries of origin for Web-based attacks against users in 2009 by determining the location of computers from which the attacks occurred. note that an attacker in one country can compromise a Web server in another country that is visited by a user from another country. therefore, the location of attacks does not dictate the location of the actual attacker, who could be located elsewhere.

Once an attacker has compromised a legitimate website, users who visit the website can be attacked by several additional means. One method is a drive-by download, which results in the installation of malicious code without the user’s knowledge or consent.54 Another way is to redirect the user to another website that is hosting malicious code. Sites and servers hosting a variety of malicious exploits can be found worldwide, and multiple domains can be associated with a single compromised site that is being used to exploit one or more security vulnerabilities in affected client browsers.

Computers located in the United States were the leading source of Web-based attacks against users globally in 2009, accounting for 34 percent of the total (table 8). this is a slight decrease from 38 percent in 2008. Computers in the United States continue to account for a large percentage of Web-based attacks compared to other high-ranking countries. this is not surprising considering the extent of the internet infrastructure in the country, as well as the amount of malicious activity occurring on computers there, as previously discussed in “Malicious activity by country.” Furthermore, the United States accounts for a significant percentage of worldwide broadband usage, meaning that there are a greater number of computers that could potentially be used to launch attacks.55 All of these factors combined to create a convenient and established launching point for some attackers.

53 54


See http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2 and http://www.w3schools.com/browsers/browsers_stats.asp A drive-by download is any download that occurs without a user’s prior knowledge or authorization and does not require user interaction. typically, this is an executable file. http://www.point-topic.com

Document info
Document views212
Page views212
Page last viewedFri Oct 28 12:23:58 UTC 2016