The number one web-based attack of 2009 was malicious PDF activity, which accounted for 49% of web-based attacks: attempts to deliver malicious PDF content to victims through the web. The PDF attack is designed to exploit arbitrary vulnerabilities in applications that are able to process PDFs. A successful PDF attack could compromise the integrity and security of affected computers. (Symantec Corporation, 2009)
The number two web-based attack of 2009 was the Microsoft Internet Explorer ADODB.Stream Object file installation weakness. This exploit accounted for 18% of the total number of web-based exploits for the year. This vulnerability allows hackers to install malicious files on a vulnerable computer when a user visits a website hosting an exploit. For this attack to succeed, an attacker must exploit an arbitrary vulnerability that bypasses Internet Explorer security settings. The attacker can then execute the malicious files that were installed through the initial security weakness. This vulnerability has been known since 2003, and patches have been released since 2004. This exploit exposes the fact that many computer systems were not being kept up to date. (Symantec Corporation, 2009)
The third most common web-based exploit of 2009 was the Microsoft Internet Explorer 7 uninitialized memory code execution vulnerability. This attack works by enticing a victim to open a malicious web page. Once a user opens the web page, the attacker gains the ability to execute remote code on the victim's computer. Since this is a browser-based attack, it gives the hacker potentially more targets than an attack that relies on a plugin that may not be installed. (Symantec Corporation, 2009)
The top 3 malware attacks of 2013 were W32.Downadup, W32.Sality, and W32.Ramnit. Although their names all begin with W32., each bug has its own way of exploiting a system. Take W32.Downadup, for instance. This worm has been around since 2008. It spreads by taking advantage of a remote code execution vulnerability found in the Microsoft Windows Server service RPC. The worm strives to block access to security-related web sites while attempting to spread to protected network shares by brute-forcing weak passwords. The security of the entire network is at stake with this worm. This virus demonstrates how important it is to keep servers and workstations updated with the latest virus definitions. (W32.Downadup.B, n.d.)
W32.Ramnit has been around since 2010. This worm spreads by infecting executable files and removable drives. This malware steals bank usernames and passwords. Having a security policy prohibiting personal drives from being used in the workplace is paramount. This type of attack could cause data loss if unmitigated. (Symantec Corporation, 2013)
W32.Sality is, in my opinion, the nastiest of the three bugs. What makes W32.Sality particularly nasty is that it can infect executable files on local, removable, and shared drives. W32.Sality is known as an entry point obscuring (EPO) polymorphic file infector. Essentially, it is a sophisticated worm-like virus that ensures its survival by downloading other malware and disabling security software. One of the most damaging features of the W32.Sality virus is how it uses sophisticated code to populate a decentralized peer-to-peer network with infected computers. (W32.Sality., n.d.)
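The brute forcing of network share passwords described above for W32.Downadup leaves a recognizable trace: many failed network logons from one source in a short time. The following Python sketch is an added example, not part of the original essay, that flags such sources. The log format, the sample records, the 60-second window and the threshold of 5 are assumptions made for illustration; 4625 is the Windows failed-logon event ID and logon type 3 is a network logon.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), one per line:
# timestamp, event ID, logon type, source address, target account.
SAMPLE_EVENTS = """\
2014-06-26T09:00:01 4625 3 10.0.0.23 administrator
2014-06-26T09:00:02 4625 3 10.0.0.23 administrator
2014-06-26T09:00:03 4625 3 10.0.0.40 jsmith
2014-06-26T09:00:04 4625 3 10.0.0.23 admin
2014-06-26T09:00:05 4625 3 10.0.0.23 backup
2014-06-26T09:00:07 4625 3 10.0.0.23 backup
2014-06-26T09:00:09 4625 3 10.0.0.23 guest
2014-06-26T09:00:15 4625 3 10.0.0.40 jsmith
2014-06-26T09:00:30 4624 3 10.0.0.40 jsmith
2014-06-26T09:05:00 4625 3 10.0.0.51 svc_print
2014-06-26T09:10:00 4625 3 10.0.0.51 svc_print
2014-06-26T09:15:00 4625 3 10.0.0.51 svc_print
"""

def parse(text):
    """Yield (time, event_id, logon_type, source, account) tuples."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, account = line.split()
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), src, account

def brute_force_sources(events, window=timedelta(seconds=60), threshold=5):
    """Return {source: peak failed network logons seen in one window}
    for every source that reaches the threshold."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    flagged = {}
    for ts, event_id, logon_type, src, _account in sorted(events):
        if event_id != 4625 or logon_type != 3:
            continue              # only failed network logons count
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

if __name__ == "__main__":
    for src, count in brute_force_sources(parse(SAMPLE_EVENTS)).items():
        print(f"{src}: {count} failed network logons within 60 seconds")
```

In the sample, only 10.0.0.23 is flagged. The user who mistyped a password twice and the service account failing once every five minutes stay below the threshold.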
W32.Downadup.B. (n.d.). Retrieved June 26, 2014, from http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99
W32.Ramnit. (n.d.). Retrieved June 26, 2014, from http://www.symantec.com/security_response/writeup.jsp?docid=2010-011922-2056-99
W32.Sality. (n.d.). Retrieved June 26, 2014, from http://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3948-99
Symantec Corporation. (2009). Symantec Global Internet Security Threat Report Trends for 2009. Mountain View: Symantec Corporation.
Symantec Corporation. (2013). Symantec Global Internet Security Threat Report Trends for 2009. Mountain View: Symantec Corporation.