Symantec Global Internet Security Threat Report
Volume XIV of the Symantec Global Internet Security Threat Report questioned whether the security enhancements in Internet Explorer 8 would further limit the viability of ActiveX vulnerabilities.[100] In 2009, Internet Explorer 8 went from 0.6 percent market share at the beginning of the year to 13.5 percent market share at the end of the year.[101] As a result, Internet Explorer 8 is now the most widely used version of the Internet Explorer browser. This may correlate to the decline of ActiveX vulnerabilities because ActiveX security has been further enhanced in this version, potentially limiting the viability of many ActiveX vulnerabilities.
While ActiveX vulnerabilities are currently on the decline, vulnerabilities in other plug-in technologies such as Java SE and Adobe Reader are on the rise. The prior focus on ActiveX vulnerabilities among security researchers and attackers was due to the ubiquity of ActiveX technologies as a whole—mostly because of the high market share of Internet Explorer. However, the vulnerabilities themselves were scattered among hundreds of disparate vendors. In contrast, Java SE and Adobe Reader are not only ubiquitous, but they are cross-browser and cross-platform technologies.
Among the vulnerabilities discovered in 2009, a vulnerability affecting both Adobe Reader and Flash Player was the second most attacked vulnerability.[102] This was also one of four zero-day vulnerabilities affecting Adobe plug-ins during 2009. Two of the vulnerabilities were in the top five attacked vulnerabilities for 2009. Additionally, Adobe vulnerabilities have been associated with malicious code attacks such as the Pidief.E Trojan.[103] Symantec observed the use of targeted PDFs for Trojan attacks earlier in the year.[104] Among the vulnerabilities discovered in 2008, a vulnerability in Java SE was the second most attacked vulnerability.[105] Ultimately, both security researchers and attackers have diverted their efforts to these platforms.
Organizations should employ vulnerability assessment and policy compliance software to ensure that unauthorized software is not installed on desktops. This may help remove the risk presented by software that was intentionally or unintentionally installed by users within the organization. Users should use browser security features and add-ons to prevent their browser from invoking plug-in functionality to render or display potentially harmful content.
Top attacked vulnerabilities
This metric will examine the top attacked vulnerabilities. This data is based on events collected from Symantec IPS and Symantec’s Global Intelligence Network. The events are triggered by IPS signatures that are specifically designed to detect unique vulnerabilities. When an event is triggered, it does not necessarily indicate that the exploit was successful, but merely that the activity identified by the signature has been detected. This normally indicates an attempted attack.
For the purposes of this discussion, the attacked vulnerabilities are divided by their year of publication. This provides insight into which vulnerabilities published in 2008 and 2009 are being attacked in the wild. The discussion will cover the top five attacked vulnerabilities from each year, according to the amount of activity associated with each vulnerability. This will help to pinpoint trends, such as the types of vulnerabilities that are associated with most attack activity, and the degree to which exploitation for
[100] http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf : p. 41
[101] http://www.w3schools.com/browsers/browsers_explorer.asp
[102] http://www.securityfocus.com/bid/35759
[103] http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99
[104] http://www.symantec.com/connect/blogs/targeted-pdfs-used-exploits
[105] http://www.securityfocus.com/bid/32608