Web malware exploded in 2006
ISS X-Force report finds that malware targeting web browsers massively increased last year.
The amount of malware targeting web browsers exploded in 2006 compared to previous years, a new report said.
The study, carried out by IBM's Internet Security Systems X-Force research team, found that web-targeted attacks and scripting vulnerabilities saw a massive increase with 7,247 vulnerabilities disclosed that year, 88 per cent of these were remotely exploitable by hackers.
The research found that 50 per cent of all websites hosting browser-targeted attacks used various obfuscation and encryption techniques to hide payloads from traditional detection techniques.
"Malicious individuals have stepped up efforts to defeat traditional client-side protection systems to help sustain profitable cyber crime," said the reports authors said. "Divisions between classic threat types are becoming blurred making it increasingly difficult to address cyber threats."
The report also found that malware is increasing in functionality and complexity. Downloaders dominated this area, comprising 22 per cent of total malware tracked. Worms such as Luder and Mytob continued to be a threat, while content-based malware has become one of the top threat risks to users and businesses.
Analysts at X-Force noted a five per cent increase in the number of vulnerabilities identified in April from the previous month. But there has been a seven per cent decrease in the number of vulnerabilities year on year for April.
The authors said that each vulnerability should be analysed along with the threat it posed.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Paying attention to only a few purchased or internally discovered vulnerabilities could lead to risks in the network environment," said the authors. "Vulnerability discovery, while important, is only one of many activities that should be performed to mitigate risk."
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.