Of all browsers Symantec analyzed in 2009, Safari had the longest window of (vulnerability) exposure with a 13-day average
Attack type "PDF Suspicious File Download" accounted for 49% of Web-based attacks for 2009. In comparison the use of malicious PDFs in 2008 was 11%.
Crimeware kits like Zeus make it easier for unskilled attackers to compromise computers and steal information
Although the report is attributing the growth of cybercrime to the right factors, there's one element of the cybercrime ecosystem that has more effect that the overall availability and affordable price of the ZeuS kit - the Cybercrime-as-a-Service (CaaS) market model.
What's more dangerous? The ever-decreasing price of the ZeuS crimeware kit, or the trending availability of Cybercrime-as-a-service propositions? Just how significant as a threat is the Zeus crimeware kit?
Not surprisingly, the company is contributing the growth of ZeuS crimeware generated malware -- in 2009, Symantec observed nearly 90,000 unique variants of binary files created by the Zeus toolkit -- to the combination of its affordable price, and the increasing number of people performing online banking activities.
The company is not alone in observing the growth and success of the ZeuS crimeware kit.
The new version of Zeus targets the growing population of Firefox users, in addition to Internet Explorer. Previous versions were incapable of exploiting Firefox to commit sophisticated online fraud against banks using strong layers of authentication. However, Zeus 1.4 supports HTML injection and transaction tampering for Firefox, two techniques which are effectively used to bypass strong authentication and transaction signing solutions.