Web Application Attacks Dominate IT Landscape

According to Symantec's Internet Security Threat Report, malware targeting Web browsers and other online applications remains the biggest hazard to enterprise security.


Attacks that capitalize on vulnerabilities in popular Web browsing software, along with targeted malware and phishing efforts, dominated the first six months of 2006, according to Symantec's latest Internet Security Threat Report.

Published on September 25, the twice-yearly analysis highlights continued growth of the browser vulnerability issue, finding that 69 percent of all the new threats unearthed by the company between Jan. 1 and June 30 attempted to take advantage of flaws in Microsoft's Internet Explorer, Mozilla's Firefox and other popular Web applications.

The anti-virus market leader, based in Cupertino, Calif., said the relative ease with which malware writers can isolate vulnerabilities in browsers and other Web-based programs continues to drive the popularity of such attacks, compared with threats aimed at other kinds of applications.

Internet Explorer remains the most frequently targeted Web browser, accounting for 47 percent of all such attacks, followed by Firefox, which accounted for 20 percent.

Threats designed to target vulnerabilities in multiple browsers, including Explorer, Firefox, Apple's Safari and others, made up the remaining 31 percent of attacks on the programs.

In total, Symantec detected 47 new vulnerabilities in Firefox and the Mozilla browser, 38 flaws in Explorer (a 52 percent rise over the 25 Explorer vulnerabilities recorded in the last six months of 2005), and 12 issues in Safari.

In another browser-related trend, malware writers are increasingly attempting to exploit vulnerabilities in sites that use AJAX (asynchronous JavaScript and XML), a so-called Web 2.0 development technique meant to accelerate interaction between browsers and online applications.

The malware threats tracked by Symantec also sought to propagate more slowly than previous generations, to help avoid detection. The top 10 new strains of malicious software observed by the security company were all Trojans, programs typically disguised as legitimate software.

For example, Symantec pointed to the Mdropper.H Trojan, which exploited a zero-day vulnerability in Microsoft Word and then installed a back door program.


Sent to a small, select group of recipients, the attack used several different social engineering lures to convince people to open the malicious document.

By using such targeted methods to attack users, Symantec said, the programs are less likely to be found and reported to anti-virus researchers. In the enterprise arena, the attacks most commonly seek to gain access to sensitive corporate information.

Lending further credence to its assertion that malware and phishing attacks are driven by criminal efforts to make money, Symantec reported that financial services companies were the second most targeted group of users over the first half of 2006, behind only home computer users.

Such attacks attempt to steal companies' customer information, including credit card or bank account numbers, to carry out identity theft and other forms of fraud.

"Money is clearly the motivating factor in most of the attacks we see, and the threats are moving downstream as people have become wary of phishing schemes and other attacks meant to appear that they come from large banks, and other well-known companies such as eBay," said Alfred Huger, senior director of development for Symantec's Security Response unit.
