Is Windows Security Actually Secure? - How Users are Being Compromised
(Page 3 of 4 )
The bad news is that the report found ahugeincrease in the number of security holes in software. Not only that, but there has also been a significant increase in the number of Internet threats encountered by consumers; particularly attacks in which browsers are hijacked and forced to download malicious programs as people surf the Web. Of all the news found in the report, that is perhaps the most troubling, as it is capable of affecting and interfering with the work of just about anyone who uses a computer on a daily basis, which is a great majority of us.
If you only visit a few “legitimate” trusted sites during the day, don’t feel as if you’re free and clear either. The report has even found that visiting trusted Web sites isn't always safe. As a matter of fact, it has been found that most Web-based attacks target visitors to legitimate Web sites that have been compromised and that either serve up malicious content to the visitor or embed a malicious and invisible iframe on the page that redirects the user's browser to another Web server under an attacker's control. Some of the common techniques used by attackers to compromise a website include exploiting a vulnerable Web application running on the server (by attacking through improperly secured input fields), or exploiting some vulnerability present in the underlying host operating system. In 2008 alone, there were 12,885 site-specific vulnerabilities identified, and 63 percent of those vulnerabilities documented affected Web applications.
In the case of a popular, trusted site with a large number of visitors, this type of exploitation can yield thousands of compromises from a single attack. For example, one attack that targeted the websites of both the United Nations and the UK government, among others, injected malicious code that was designed to load content from an attacker-controlled location into visitors’ browsers. Another separate attack successfully defaced the national Albanian postal service website! These kinds of clever attacks provide criminals with the perfect opportunity for distributing malicious code because they target high-traffic websites of reputable organizations.
According to Symantec’s distressing report, attacks are traded in underground channels, with people buying and selling software that automates attacks or even entire botnets of infected computers that serve as spam armies. Even more troubling, is has been found that the stolen data is then marketed and offered up with price lists and guarantees. Oddly, the price of stolen data remained the same in 2008 despite the fact that the economy took a nose dive, said Zulfikar Ramzan, a technical director at Symantec Security Response.
Web-based attacks are now the primary focus for malicious activity over the Internet. The continued growth of the Internet and the number of people increasingly using it for an extensive array of activities, such as online shopping or banking, presents attackers with a growing range of targets, as well as various means to launch malicious activity. Ironically, the top Web-based attack in 2008 exploited the Microsoft IE ADODB.Stream Object File Installation Weakness vulnerability, while the top attacked vulnerability was the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.
Next: Other Findings >>
More Windows Security Articles
More By Joe Eitel
