Threat Center Exploit Prevalence Report

Exploit Prevention Labs' Threat Center publishes a monthly Exploit Prevalence Report. This report measures the top web-borne exploits based on real-world data. The results are derived from automated reports submitted by LinkScanner users in addition to information captured from the company’s network of hunting-pots.

The following is a summary of the top five most-reported web exploits as a percentage of overall exploit occurrences for March 2007:

Exploit | % | Description
Modified MDAC | 40.38 percent (New variant) | MDAC refers to a creative method of using certain ActiveX controls in a context Microsoft did not originally intend. They instantiate an ActiveX control inside a web script that allows files to be written to the disk and executed. This MDAC is a modified version that originated in China.
Q406 Roll-up package | 19.24 percent (35.17 previous) | Comprising up to a dozen exploits including Setslice, VML, XML and IE COM CreateObject Code, the package is usually heavily encrypted.
TROJAN FAKE CODEC | 6.60 percent (new) | This Russian social engineering tactic tricks people into downloading a rootkit by misinforming them they are downloading a simple codec when they attempt to view a video of Paris Hilton or Britney Spears.
ANI | 5.28 percent (New) | Originally developed by the group of hackers behind the Super Bowl World of Warcraft password stealer, the exploit takes advantage of Windows’ handling of animated cursor (.ani) files. It infects fully patched Windows XP SP2 machines running IE 6 or 7.
WMF (CVE-2005-2124) with known payload | 5.28 percent (4.55 percent) | Windows Metafile exploit from December 2005. Uses a little-known feature of Windows Metafiles to execute arbitrary code, including malware. The exploit, a genuine zero-day attack, was allegedly purchased for $5,000 from a Russian hacking group. Many months after Microsoft issued a patch, it’s still widely used by cybercriminals.

Note: The numbers above do not add up to 100 percent because of the following less frequently reported exploits: link to known Rootkitter (4.72% vs. new), IE VML Overflow (4.15% vs. 0.48), Iframers launcher script (3.96% vs. 4.78%), Search Engine Hijack (3.40% vs. 4.07%), others (6.96%).

 

 

If you have further questions or can't find what you need, please contact us at info@explabs.com.


© 2008 Software Security Solutions. All rights reserved.