Report: Patched vulnerabilities remain prime exploitation vector

Summary: Two reports highlight the fact that outdated and already patched vulnerabilities remain the prime exploitation vector for malicious attackers and cybercriminals in general.

Which is the most popular tactic that cybercriminals use on their way to infecting users with malicious code (malware) and generating yet another botnet?

According to a newly released report by M86 Security, it's patched vulnerabilities. Why are cybercriminals turning to the exploitation of outdated flaws in the first place? Sadly, because it works, given the number of insecure third-party applications and plugins found on the average PC. Are cybercriminals being picky? Not at all: thanks to web malware exploitation kits such as Eleonore, Phoenix, Unique Pack, Crime Pack or Fragus, they exploit whatever is exploitable on a targeted host.

The top 10 most observed vulnerabilities served by web malware exploitation kits:

  • Microsoft Internet Explorer RDS ActiveX
  • Office Web Components Active Script Execution
  • Microsoft Video Streaming (DirectShow) ActiveX Vulnerability
  • Real Player IERPCtl Remote Code Execution
  • Adobe Acrobat and Adobe Reader CollectEmailInfo
  • Adobe Reader GetIcon JavaScript Method Buffer Overflow
  • Adobe Reader util.printf() JavaScript Func() Stack Overflow
  • Microsoft Internet Explorer Deleted Object Event Handling
  • Microsoft Access Snapshot Viewer ActiveX Control
  • Adobe Reader media.newPlayer

Alongside the flaws listed above, the report also emphasizes that, in the second half of 2010, Java-based attacks rose to higher levels than anticipated.

The trend is confirmed by a second recently released report. According to Cisco's data, the exploitation of patched Java flaws has outpaced exploitation through the use of malicious PDF files, at 6.5 percent on average for 4Q10. The increase in this exploitation technique is once again attributed to the use of specific web malware exploitation kits.

Users are advised to use least-privilege accounts, browse the web in an isolated environment, and ensure their hosts are free of outdated third-party software, browser plugins and OS-specific flaws.

Topics: Malware, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community.
