Picking on Weak Browsers
It has also become easier for attackers to use the vulnerabilities in browser programs to build engines on Web servers that detect what type of software an individual is using and then launch malware programs that can take advantage of applications with holes that they have discovered. The malware writers are also using peoples IP address information to tailor the content they attempt to deliver to a certain target. "If a malware site such as this sees Internet Explorer 6, they send something different than if they see IE 7; theres a lot of logic in these engines," Ollmann said. "The site will look at the first request the browser makes and then find the right payload to deliver when the browser makes a second request. It happens that fast."Traditional signature-based anti-virus products, versus behavior-oriented tools, are still failing to stop even those threats aimed at well-known vulnerabilities, according to Ollman, who noted that the most popular exploit used to infect Web browsers with malware in 2006 was the Microsoft MS-ITS vulnerability, first disclosed in 2004. Over the course of 2006, June was the month that saw the highest volume of new software vulnerabilities, while the week before the Thanksgiving holiday was the busiest week of the year. IBM reported that so-called downloaders, also known as Trojan Viruses, which install themselves and attempt to retrieve other malware programs, represented the most popular form of threat seen in 06, accounting for 22 percent of all attacks. Among the other findings highlighted in the report was news that the volume of spam increased by 100 percent during the last year, and that the United States, Spain and France were the three top sources of spam worldwide. In a reflection of the number of experienced users and businesses run in Germany, German was the second most popular language for spam e-mails, Ollmann said, but the volume of spam written in English still represents approximately 92 percent of the messages. In a nod to the art of simplicity, the most popular subject line for spam in 2006 was "Re: hi," according to the report. South Korea accounts for the highest source of phishing e-mails, according to the report, and Web sites that host pornographic or sex-related content represented 12 percent of the Internet last year.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.
The researcher said that malware communities are also sharing lists of IP addresses to find specific sets of targets to assail with their programs, and to help identify accounts used by security software makers to help detect new attacks and code variations.