Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    The number of software vulnerabilities, as measured by entries in the Common Vulnerabilities and Exposures (CVE) database, went down in 2010, although due to the complexity of modern programs, they can never be completely eliminated. Criminals take advantage of this to drop their malware onto the systems of victims everywhere.

    Because of this, there is a continued need for vulnerability defense solutions like Intrusion Defense Firewall (IDF), a plug-in for OfficeScan™ and Deep Security.

    In recent years, both vulnerability researchers and criminals have been focusing their attacks on third-party applications. This is quite natural, as both Internet-exposed services (such as Web servers) and the OSs themselves have been made more secure. This focus on third-party applications increases the risk for typical end users, as they tend to ignore third-party programs as primary attack vectors. In addition, no common patching platform like Windows Update is provided, raising the risk of having vulnerable versions on user systems.

    Let’s examine the number of publicly disclosed proof-of-concept (POC) exploits that allowed remote code execution in several applications that users commonly utilize (these are based on exploits posted on the Exploits Database site):

    Application(s) Number of Exploits
    Internet Explorer 7
    Mozilla Firefox 3
    Adobe products (Flash and Acrobat/Reader) 16
    Java 4

    Note the number of exploits for third-party applications above compared with browsers. Both Adobe and Java exploits are very reusable, as the vulnerable applications are present on most user systems. In addition, these can be obfuscated to bypass network-based intrusion protection systems.

    Out of these critical vulnerabilities in 2010, the ones which had the most impact in the wild were:

    It’s also worth noting that the DOWNAD/Conficker threat, which dates back to late 2008, was still quite active during the first half of the year. DOWNAD isn’t quite dead yet.

    What kind of malware are dropped or downloaded onto users’ systems by exploits? Variants of the ZeuS family of malware were favored payloads throughout 2010. In particular, exploits using .PDF files and ActiveX controls as infection vectors were frequently used for this purpose.

    These threats highlight how important it is for users to properly protect themselves against vulnerabilities by patching their software. For that, readers should consult the previous blog post “Have You Patched Your System Lately?” The CTO Insights blog also talked about it in the video “Zero Day Vulnerabilities Risk Overblown.”





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice