Web malware explodes
According to IBM research, the amount of malware targeting web browsers exploded in 2006 compared to previous years.
The study, carried out by IBM’s Internet Security Systems X-Force research team, found that Web-targeted attacks and scripting vulnerabilities saw a massive increase. There were 7,247 vulnerabilities disclosed, and 88 per cent of these were remotely exploitable by hackers.
The research found that 50 per cent of all websites hosting browser-targeted attacks used various obfuscation and encryption techniques to hide payloads from traditional detection techniques.
‘Malicious individuals have stepped up efforts to defeat traditional client-side protection systems to help sustain profitable cyber crime,’ said the reports authors said. ‘Divisions between classic threat types are becoming blurred making it increasingly difficult to address cyber threats.’
The report also found that malware is increasing in functionality and complexity. Downloaders dominated this area, comprising 22 per cent of total malware tracked. Worms such as Luder and Mytob continued to be a threat, while content-based malware has become one of the top threat risks to users and businesses.
Analysts at X-Force noted a five per cent increase in the number of vulnerabilities identified in April from the previous month. But there has been a seven per cent decrease in the number of vulnerabilities year on year for April.
The authors said that each vulnerability should be analysed along with the threat it posed.
‘Paying attention to only a few purchased or internally discovered vulnerabilities could lead to risks in the network environment,’ said the authors. ‘Vulnerability discovery, while important, is only one of many activities that should be performed to mitigate risk.’