Failure to patch third-party applications is the main reason Windows machines suffer from malware infections, a new study said.
Drive-by download attacks from hacker-controlled websites loaded with exploits replaced infected email attachments as the main distribution method for malware somewhere between three and five years ago. At the start of this period, browser exploits were the main stock-in-trade for VXers, but this has changed over time, a study by Danish security firm CSIS showed.
Up to 85 percent of all virus infections happen as the result of drive-by attacks served up via commercial exploit kits, said CSIS, a security consulting firm that focuses on e-crime research. The company monitored the behavior of 50 different exploit kits over a period of three months, analyzing the causes of infection of commercial and consumer systems.
The study discovered that 31.3 percent of 500,000 users exposed to exploit toolkits were secretly force-fed malware as a result of missing security updates.
Systems running vulnerable versions of Java JRE, Adobe Reader and Acrobat, and Adobe Flash were particularly at risk of attack. Vulnerabilities in Internet Explorer figured in 10 percent of attacks. By contrast, Java flaws (37 percent), Adobe Reader/Acrobat (32 percent) and Flash (16 percent) were far more productive routes to exploit. Apple QuickTime holes figured in two percent of attacks. Infected systems are typically loaded with quite a bit of malware, including fake anti-virus software and information-stealing spyware.
CSIS concludes that “99.8 percent of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages.”
Anti-virus still has a role to play in guarding against malware infection, said CSIS researcher Peter Kruse, while stressing that relying on security software without improving patching practices is bound to result in trouble.