End users are the main targets of online attacks

A report about the state of the Web by Zscaler indicates that cyber criminals have transferred the focus of their attacks from web and email servers to end user systems. Their goal is to compromise the system and enter it there where the security chain presents its weakest link – the end user. The end user is simply more vulnerable to technical vulnerabilities, social engineering and web-based attacks.

Based on a recent study of traffic passing through Zscaler’s global network, IE is still the dominant browser, occupying around 65% of the market. Version 6 of IE is still used by the majority of enterprises, even though it doesn’t have most of the security features of its successors IE 7 and 8:

IE 6 also lacks Data Execution Prevention and Address Space Layout Randomization features that prevented users of IE 7 and 8 to be targeted in the January Operation Aurora attacks, as well as cross-site scripting protection. The conclusion? Users should move away from IE 6, and Microsoft should stop supporting this version.

Most popular sites and search engines
The top place on the list of most used search engines is Google with 57%, followed by Yahoo” with 18%. Facebook is the most popular social network, with 74% of the social networking traffic directed towards it. MySpace comes second with 15%. Amazon heads the list of the top 10 shopping sites:

Malware and phishing
Malware is hosted in the United States in 80% of the cases. Of the 20% that remains, 25% belongs to the Netherland, 20% to India, 14% to Germany, and the rest to China, Cyprus, the Russian Federation and others.

The top phishing site blocked was was coolxd.com, recently removed from the Internet. The top malicious domains are adfarm.mediaplex.com, link4you.3322.org and www.tns-counter.ru, which accounted for 55% of malicious URLs transactions.

The top anonymizer service used was kproxy.com, and the top three malware infections are – no surprise here – served by botnets sending ZeuS/Zbot, fake AV and Banker Trojan variants.

The most prominent C&C IP address seen,, is based in Ukraine, and belongs to the Eurohost/UralComp IP blocks. Ukraine and Russia are at the top of the list of countries that host C&C centres, but Sweden is also home to some.

To view the report, go here (some information is required).

Share this