Adobe Reader and IE feel brunt of web-based malware
Symantec's latest annual report shows PDF-based attacks accounted for nearly half of all online attacks in 2009, with 240 million new threats identified in total.
Adobe Reader and Internet Explorer were the two most vulnerable programs as web-based attacks saw a dramatic increase in 2009, Symantec has revealed.
The security software maker's annual Internet Security Threat Report revealed that last year saw a 100 per cent rise in new malware year-on-year, with more than 240 million new malicious programs having been discovered. In addition, a new botnet-infected PC is discovered every 4.6 seconds.
The single most exploited vulnerability in 2009 was a hole in Microsoft's Windows SMB2, followed by vulnerabilities in Adobe's Reader and Flash Player, and issues with Internet Explorer 7.
The most popular method of attack was through PDF file downloads, which represented nearly half of all web-based attacks.
Symantec said that while Internet Explorer was the most vulnerable to attack, in many ways it was a victim of its own success. Indeed, the total of 45 reported vulnerabilities in Internet Explorer was less than a third of the 169 holes reported in Firefox.
"This shows that attacks on software are not necessarily based on the number of vulnerabilities in a piece of software, but on its market share and the availability of exploit code as well," the report read.
In addition, Symantec urged Apple to step up its efforts to combat the increasing number of threats targeting its Safari browser, with 94 new vulnerabilities having been discovered for the browser in 2009.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"It takes IE and Firefox less than a day of exposure before a patch is available, but it's about 13 days with Safari. Apple is going to have to catch up because that's quite a long time to be exposed," the company warned.
According to Symantec, hackers are increasingly using web browser plug-ins as a way into unsuspecting users' computers. It discovered 321 holes affecting browser plug-ins last year: 134 using ActiveX, 84 for Java SE and 49 for Adobe Reader. The figures actually represent a decline in the number of ActiveX holes, with the cross-platform nature of Java and Adobe Reader making them increasingly attractive to scammers.
Symantec put the significant increase in malicious software overall down to an increasingly organised and sophisticated underground market where criminals buy, sell and trade tools for putting together DIY online attacks. For example, the company found nearly 90,000 unique variations of the basic Zeus toolkit, available for as little as $700.
The US continues to lead the way as both the top country of attack origin and also the top country in terms of number of infected computers. China remained in second place, with Brazil emerging as a new malware hotspot in third place, illustrating a trend for hackers to increasingly base their operations in less developed countries, where laws and controls might be less well developed.
The steep rise in malware was driven largely by the growing popularity of easy to use toolkits that novice cyber criminals are using to turn out their own malware, said Tony Osborne, a technology manager for the public sector at Symantec.
Some of the kits were available for free, but others cost a lot of money, Osborne claimed. One, called Zeus, was available for around $700 (458) and many had become so successful that their creators now offer telephone support for those who cannot get them to work.
During 2009, Symnatec say more than 90,000 variants of the Zeus kit and it was responsible for the growth of one of the most prolific malware families during the year.
Zeus relies on spam to lure people to websites where victims will be tricked into installing malicious code or which sneaks on to a computer via a known vulnerability.
Often this can help criminals set up botnets - networks of hijacked home PCs that can be used to send spam or plundered for lucrative personal data, according to the report. In 2009, Symantec saw almost seven million distinct PCs that were members of botnets.