Web Application Attacks Dominate IT Landscape

By Matt Hines  |  Posted 2006-09-25

Web Application Attacks Dominate IT Landscape

Attacks that capitalize on vulnerabilities in popular Web browsing software and targeted malware and phishing efforts dominated the first six months of 2006, according to Symantecs latest Internet Security Threat Report.

Published on September 25, the twice-yearly analysis highlights continued growth of the browser vulnerability issue, finding that 69 percent of all the new threats unearthed by the company between Jan. 1 and June 30 attempted to take advantage of flaws in Microsofts Internet Explorer, Mozillas Firefox and other popular Web applications.

The anti-virus market leader, based in Cupertino, Calif., said the relative ease with which malware code writers can isolate vulnerabilities in browsers and other Web-based programs continues to drive popularity of the attacks, compared to threats targeting client-side applications.

Internet Explorer remains the most frequently targeted Web browser, accounting for 47 percent of all such attacks, followed by Firefox, which accounted for 20 percent.

Threats that were designed to target vulnerabilities in multiple browsers, including Explorer, Firefox, Apples Safari and others, made up 31 percent of attacks on the programs.

In total, Symantec detected 47 new vulnerabilities in Firefox and the Mozilla browser, 38 flaws in Explorer, and 12 issues in Safari, representing a 52 percent rise in browser-based problems compared to the 25 vulnerabilities recorded over the last six months of 2005.

In another browser-related trend, malware writers are increasingly attempting to exploit vulnerabilities in sites that use AJAX (asynchronous JavaScript and XML) a so-called Web 2.0 development technique meant to accelerate interaction between browsers and online applications.

The malware threats tracked by Symantec also sought to propagate themselves more slowly than previous generations to help prevent their detection. The top 10 new strains of malicious software observed by the security company were so-called Trojan attacks, which are typically disguised as legitimate programs.

For example, Symantec pointed to the Mdropper.H Trojan attack, which exploited a zero-day vulnerability in Microsoft Word and installed a subsequent back door program.

Spyware, bots, rootkits flood through unpatched IE hole. Click here to read more.

Sent to a smaller, select user group, the attack attempted to convince people receiving it to open it using several different types of social engineering.

By using such targeted methods to attacks users, Symantec said the programs are less likely to be found and reported to anti-virus researchers. In the enterprise arena, the attacks most commonly seek to gain access to sensitive corporate information.

Lending further credence to its assertion that malware and phishing attacks are driven by criminal efforts to make money, Symantec reported that financial services companies were the second most targeted group of users over the first half of 2006, behind only home computers.

Such attacks attempt to steal companies customer information including credit card or bank account numbers to carrying out identity theft and other forms of fraud.

"Money is clearly the motivating factor in most of the attacks we see, and the threats are moving downstream as people have become wary of phishing schemes and other attacks meant to appear that they come from large banks, and other well-known companies such as eBay," said Alfred Huger, senior director of development for Symantecs Security Response unit.

Next Page: Phishing attacks to get more complex.

Phishing Attacks to Get

More Complex">

"The attackers are going so far as trying to find out who the customers of a specific bank or credit union may be and targeting them directly. Theyre spending more time doing the upfront work to try and yield greater success from their work."

Symantec reported phishing attacks have continued to grow in volume as well as complexity. The company said that over the first six months of 2006 its researchers unearthed a whopping 157,477 unique phishing messages, representing an 81 increase compared to the 86,906 phishing schemes it saw during the second half of 2005.

Financial services companies continue to draw the most attacks, accounting for 84 percent of the phishing sites discovered by the Symantecs Phish Report Network and Brightmail AntiSpam organization.

Apple ships patch for MacBook Wi-Fi hack. Click here to read more.

Another increasingly popular trend highlighted in the report is the use of applications designed to appear as legitimate software that actually harbor malware attacks such as spyware and adware.

Symantec said that three of the top 10 new security risks it observed during the first half of 2006 were misleading applications. A popular format for the attacks is to promise users free desktop security software that actually attempts to steal their personal information or load malware including rootkits onto desktops once installed.

Looking forward, the anti-virus specialist predicted that polymorphic viruses, or malware strains that change their own signatures each time they infect a new machine to avoid detection from security programs, will continue to grow in popularity.

The company predicted that code writers at every level of the malware industry, from seasoned criminals to amateurs who buy their threat code from other parties, will adopt the technique to help their work have a more widespread affect and remain hidden on computers for longer periods of time.

Symantec contends that the use of AJAX and other Web 2.0 technologies will also increase in frequency, specifically leading to an increased number of cross-site scripting and content injection attacks.

That development has the potential to expose even greater numbers of users to attacks that can be detected by most traditional security tools, researchers said.

Symantec, which is increasingly competing with software giant Microsoft, is also predicting that vulnerability-finding efforts aimed at its rivals next-generation Vista operating system will ramp up over the latter half of 2006.

Symantec is one of two companies, along with Adobe Systems, that is expected to present arguments to officials with the European Union about Microsofts push with Vista into new market sectors, specifically the anti-virus arena.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Rocket Fuel