Old Browser Plug-ins Big Attack Target

Tuesday, August 16, 2011 @ 11:08 AM gHale

Out-of-date browser plug-ins are prime targets for cyber attacks against enterprise browsers.

Just take a look at Adobe Reader. The program is in 83% of enterprise browsers, and 56% of those installations are out of date, according to Zscaler’s State of the Web report for the second quarter of 2011. The report is based on a review of enterprise web traffic flowing through the company’s cloud-based web and email security product.

“That is a huge attack surface…. This is really what the attackers are going after,” said Michael Sutton, vice president of research at Zscaler ThreatLabZ.

The Blackhole exploit kit picked up on this and includes a variety of payloads designed to target recent Adobe Reader vulnerabilities, the report noted.

The State of the Web report also found Apple iOS has taken the lead in the workplace, with 42.4% of the mobile device usage on corporate networks, followed by Blackberry with 40.2% and Android with 17.4%.

Sutton, who is an author of the report, said iOS is a more secure platform than Android. “Looking at those trending numbers, enterprises can be a little more comfortable that they are focusing more on iOS than Android.” At the same time, he said Apple does not closely review applications available on the Apple Store for security problems.

The report found that social networking made up 53.3% of the browsed web applications in the enterprise. Webmail was second, with 15.7% of the browsed web applications, followed by instant messaging with 9.3%, streaming media with 7.55%, and web search with 2.26%.

In terms of security, “what companies have to do is inspect [social networking] traffic in real time. That is the only way you are going to keep up. If you try to block it, employees will find a way around it,” Sutton said.

In addition, the report found Zeus configured URL was the number one family of malware detected in the second quarter, followed by Grum/Tedroo spam trojan, trojan Brontok, trojan Sality, Cnzz/Baidu spyware, Rimecud worm, trojan Hiloti, Win32 Cycbot, trojan KLog, and hostile encoded JS (generic).

The report found the top five sources of malware in the second quarter were fake anti-virus landing pages, Blackhole exploit kit pages, malicious iFrame detected, Java game trojan downloads, and CVE-2010-0249 exploits.
