Web Attacks are Biggest Threat

Malware tops symantec report on security hazards.

Attacks that capitalize on vulnerabilities in popular Web browsing software, targeted malware and phishing efforts dominated the first half of 2006, according to Symantecs latest Internet Security Threat Report.

Published on Sept. 25, the twice-yearly analysis highlighted continued growth of browser vulnerability, finding that 69 percent of all new threats unearthed by the company between Jan. 1 and June 30 attempted to take advantage of flaws in Microsofts Internet Explorer, the Mozilla Foundations Firefox and other popular Web applications.

Symantec, based in Cupertino, Calif., said in the report that the relative ease with which malware code writers can isolate vulnerabilities in browsers and other Web-based programs continues to entice such attacks, compared with threats targeting client-side applications.

In total, Symantec detected 47 new browser vulnerabilities, representing a 52 percent rise over the 25 vulnerabilities recorded in the latter half of 2005.

Malware writers are also increasingly attempting to exploit vulnerabilities in sites that use synchronous AJAX (Asynchronous JavaScript and XML), a so-called Web 2.0 development technique meant to accelerate interaction between browsers and online applications.

Criminals continued to focus malware and phishing attacks on specific companies and sets of end users in the first half of the year. The malware threats tracked by Symantec also sought to propagate themselves more slowly than previous generations to help prevent detection. The top 10 new strains of malicious software Symantec observed were so-called Trojan attacks, which are malware typically disguised as legitimate programs.

For example, Symantec pointed to the Mdropper.H Trojan attack, which exploited a zero-day vulnerability in Microsoft Word and installed a subsequent back-door program. Sent to a smaller, select user group, the attack attempted to persuade recipients to open it using several types of social engineering. Symantec said programs that use such targeted methods are less likely to be found and reported to anti-virus researchers. In the enterprise arena, the attacks most commonly seek to gain access to sensitive corporate information.

Lending further credence to its assertion that malware and phishing attacks are increasingly driven by criminal efforts to make money, Symantec reported that financial services companies were the second most targeted group of users over the first half of 2006, behind only home computers. Such attacks most frequently attempted to steal companies customer information, including credit card or bank account numbers, for the purpose of carrying out identity theft and other forms of fraud.

"Money is clearly the motivating factor in most of the attacks we see," said Alfred Huger, senior director of development for Symantecs Security Response unit, in Cupertino. "The attackers are spending more time doing the upfront work to try and yield greater success from their work."