Feeds

Java, Adobe vulns blamed for Windows malware mayhem

Five products hit in 99.8% of hacks

Protecting users from Firesheep and other Sidejacking attacks with SSL

Failure to patch third-party applications has become the main reason that Windows machines get infected with malware.

Drive-by download attacks from hacker-controlled websites loaded with exploits replaced infected email attachments as the main distribution method for malware somewhere between three to five years ago. At the start of this period browser exploits were the main stock-in-trade for VXers but this has changed over time, as a study by Danish security firm CSIS and published on Tuesday illustrates.

Up to 85 per cent of all virus infections happen as the result of drive-by attacks served up via commercial exploit kits, CSIS reports. The security consultancy, which specialises in e-crime research, monitored the behaviour of 50 different exploit kits over a period of three months, analysing the causes of infection of both commercial and consumer systems.

The study discovered that 31.3 per cent of 500,000 users who were exposed to exploit toolkits were secretly force-fed malware as a result of missing security updates.

Systems running vulnerable versions of Java JRE, Adobe Reader and Acrobat, and Adobe Flash were particularly at risk of attack. Vulnerabilities in Internet Explorer, by contrast, only cropped up in 10 per cent of attacks. By contrast, Java flaws (37 per cent), Adobe Reader/Acrobat (32 per cent) and Flash (16 per cent) were far more productive routes towards exploit. Apple QuickTime holes were poked in two per cent of attacks. Infected systems are typically loaded with a cocktail of malware, often including fake anti-virus software (AKA scareware) and information-stealing spyware.

CSIS concludes that "99.8 per cent of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages".

More information of the study – which illustrates the primary importance of patching alongside anti-virus defences – can be found here. CSIS research Peter Kruse explained that anti-virus still has a role to play in guarding against malware infection while stressing the point that relying on security software without improving patching practices is bound to result in trouble.

"Anti-virus is still needed however the ways to circumvent AV detection are many and works at different levels eg, the exploit kit authors sometime provide SLA (Service Level Agreement) and guarantees that the code is not picked up by AV," Kruse told El Reg. "This is usually done by slightly changing the code and obfuscating it. The payload is often tricked past AV using complex packers."

"Obviously this put the pressure on both private end users and companies to patch regularly. For most companies the patch management is sometimes troublesome and time consuming but very much needed to avoid modern malware," he added. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.