Human exploit attacks surpass the software flaw approach
Barracuda Labs released its annual report for 2009, in which they highlight the shifts in Internet user behavior and the resulting attacker trends.
As millions of users flocked to Twitter, criminals followed. Accounts were used for poisoning trending topics with shortened malicious URLS. In 2009, one in eight accounts was considered to be malicious, suspicious or otherwise misused and was subsequently suspended.
The shift towards human exploits was obvious – 69 percent of attacks was perpetrated using social engineering (FakeAV and phishing) and search result poisoning, compared to 39 percent carried out using software exploits.
Web exploit kits were increasingly used by attackers to host exploits on compromised sites. These kits embed small portions of code that will be accessed by visitors to the otherwise legitimate site. The exploit page typically tries several exploits based on a range of vulnerabilities in the client’s browser, machine and software.
The exploit kits typically also host an administration page that allows the attacker to configure the kit and view statistics about infected clients, and are created by skilled programmers and then sold so that other attackers can carry out attacks. The price ranges from $300 to $1,000. Their names are LuckySploit, UniquePack, NucPack, Liberty, Fragus, Tornado, Fiesta, IcePack, FirePack, MPack, Eleonore, and others.
The top five vulnerabilities that these exploit kits targeted in 2009 are:
- Adobe malicious PDF
- Microsoft Internet Explorer memory corruption
- Adobe Flash Player integer overflow
- Microsoft Video DirectShow ActiveX Control
- Microsoft Office Web Components ActiveX control heap.
Barracuda Labs examined more that 700 billion emails in 2009. Of those:
- 92.24% were spam
- 0.07% were infected
- 1.12% were suspicious
- 6.57% were legitimate.
Trojans and phishing attacks were the dominant types of malware sent via email.
For more details, download the report here.