When a Microsoft Windows machine is infected by viruses or malware, it
is mainly because the user has not updated the Java JRE, Adobe
Reader/Acrobat or Adobe Flash. This is the finding of a survey
conducted by CSIS Security Group A/S.
Basis of the study
Over a period of almost three months CSIS has actively collected real
time data from various so-called exploit kits. An exploit kit is a
commercial hacker toolbox used by computer criminals to take advantage
of vulnerabilities in popular software. Up to 85 % of all virus
infections occur as a result of drive-by attacks automated via
commercial exploit kits.
The purpose of this study is to reveal precisely how Microsoft Windows
machines are infected with malware, and which browsers, versions of
Windows and third-party software are at risk.
We have monitored more than 50 different exploit kits on 44 unique
servers / IP addresses. Our figures come from the kits' own underlying
statistical modules, which gives as precise an overview of the threat
landscape as possible.
The statistical material covers more than half a million user
exposures in total, of which as many as 31.3 % resulted in a
virus/malware infection due to missing security updates.
The thousands of users who were unknowingly exposed to drive-by attacks used the following web browsers: (browser distribution chart not reproduced in this copy)
Illustrated below is the distribution by operating system of the users who were exposed to malicious code: (operating system distribution chart not reproduced in this copy)
The Danish users exposed during the observed period number 13,210 in
total, of which 2,877 were served malicious code, probably without
their knowledge. More than 80 % of the total number of infections is a
so-called cocktail of viruses/malware, which typically consists of
information and data thieves and fake security programs.
Most vulnerable programs
On the basis of the total statistical data of this study it is
documented that the following products are frequently abused by malware
in order to infect Windows machines: Java JRE, Adobe Reader / Acrobat,
Adobe Flash and Microsoft Internet Explorer. A more detailed summary is
given below: (per-product chart not reproduced in this copy)
Vulnerabilities abused
Among the vulnerabilities we have observed being abused by the monitored exploit kits are:
CVE-2010-1885: Microsoft Help and Support Center (HCP protocol)
CVE-2010-1423: Java Deployment Toolkit, insufficient argument validation
CVE-2010-0886: Java, unspecified vulnerability in the Java Deployment Toolkit component of Oracle Java SE
CVE-2010-0842: Java JRE MixerSequencer invalid array index remote code execution
CVE-2010-0840: Java trusted method chaining remote code execution
CVE-2009-1671: Java, buffer overflows in the Deployment Toolkit ActiveX control (deploytk.dll)
CVE-2009-0927: Adobe Reader Collab.getIcon
CVE-2008-2992: Adobe Reader util.printf
CVE-2008-0655: Adobe Reader Collab.collectEmailInfo
CVE-2006-0003: Internet Explorer MDAC
CVE-2006-4704: Microsoft Visual Studio 2005 WMI Object Broker remote code execution
CVE-2004-0549: Internet Explorer showModalDialog method with a modified location to execute code
Why patching is essential
The conclusion of this study is that as much as 99.8 % of all
virus/malware infections caused by commercial exploit kits are a direct
result of five specific software packages not being kept up to date.
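The practical check that follows from this conclusion is an inventory of exactly those packages on each Windows machine. The script below is an added example, not part of the CSIS study or of the Heimdal product: it reads the Uninstall registry keys (32- and 64-bit views), picks out the Java, Adobe Reader/Acrobat and Flash entries, and flags any installed version below a minimum you supply. The DisplayName wildcard patterns are assumptions about how those vendors register their products, and the minimum version numbers are placeholders to be replaced with the current vendor releases, not values taken from the study.

```powershell
# Added example, not from the CSIS study or the Heimdal product.
# Lists the third-party packages the study names and flags any below a minimum version.
# Patterns are assumptions about vendor DisplayName strings; minimums are placeholders.

$Checks = @(
    @{ Product = 'Java JRE';      Pattern = 'Java* Update *';      Minimum = [version]'6.0.260' }  # placeholder
    @{ Product = 'Adobe Reader';  Pattern = 'Adobe Reader*';       Minimum = [version]'9.4.0'   }  # placeholder
    @{ Product = 'Adobe Acrobat'; Pattern = 'Adobe Acrobat*';      Minimum = [version]'9.4.0'   }  # placeholder
    @{ Product = 'Adobe Flash';   Pattern = 'Adobe Flash Player*'; Minimum = [version]'10.1.0'  }  # placeholder
)

# Both registry views: 32-bit packages on a 64-bit Windows register under Wow6432Node.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledPackages {
    # One subkey per registered package; skip entries without a name or version.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Test-PatchLevel {
    param([object[]]$Packages, [hashtable[]]$Rules = $Checks)
    foreach ($rule in $Rules) {
        $found = @($Packages | Where-Object { $_.DisplayName -like $rule.Pattern })
        if ($found.Count -eq 0) {
            # Not installed is the safest state for a plugin the user does not need.
            [pscustomobject]@{ Product = $rule.Product; Name = '-'; Installed = '-';
                               Minimum = $rule.Minimum; Status = 'not installed' }
            continue
        }
        foreach ($pkg in $found) {
            # Side-by-side installs (common with Java) each get their own row:
            # an old JRE left behind next to a new one is still reachable from the browser.
            $installed = $null
            $status = if ([version]::TryParse($pkg.DisplayVersion, [ref]$installed)) {
                if ($installed -lt $rule.Minimum) { 'OUTDATED' } else { 'ok' }
            } else {
                'unparsed version'   # vendor put a non-numeric build string in DisplayVersion
            }
            [pscustomobject]@{ Product = $rule.Product; Name = $pkg.DisplayName;
                               Installed = $pkg.DisplayVersion; Minimum = $rule.Minimum; Status = $status }
        }
    }
}

$report = Test-PatchLevel -Packages (Get-InstalledPackages)
$report | Format-Table -AutoSize

# Non-zero exit so a login script or scheduled task can act on the result.
if (@($report | Where-Object { $_.Status -eq 'OUTDATED' }).Count -gt 0) { exit 1 }
```

Internet Explorer and the Windows components in the vulnerability list are patched through Windows Update rather than a vendor installer, so they are not covered by the registry check above; `Get-HotFix` lists the installed Windows updates for that side of the inventory.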
An effective solution
With this study CSIS has received confirmation that our security program
Heimdal addresses a market not adequately covered by a proper patch
routine or policy for this area. Since the statistical figures cover
both private PCs and machines used for business purposes, it is our
opinion that this is a general problem.
Heimdal is available in several versions: a free test version, a pro
version with advanced functionality such as web filtering to secure
your online presence, and finally a corporate version which can easily
be distributed and administered in a Microsoft Windows network.
Author: Peter Kruse, Partner & Security Specialist at CSIS.
Source: Help Net Security