Attack kits, shortened URLs fuel jump in web-based attacks, says Symantec

Symantec found that two-thirds of all web-based attacks were attributable to attack kits, which are software programs that enable even technically unsophisticated criminals to launch malicious attacks.

In addition, Symantec’s Internet Security Threat Report discovered more than 286 million new malware threats last year. This compares with 240 million new malware threats in 2009.

The report identified a number of trends in the threat landscape, including increases in the frequency and sophistication of targeted attacks on enterprises; a change in attackers’ infection tactics, increasingly targeting vulnerabilities in Java to break into traditional computer systems; and continued growth of social networking sites as an attack distribution platform.

Kevin Haley, director of Symantec Security Response, told Infosecurity that the increasing attacks against social networking sites were “not surprising since this is where the users are, so if you are looking to do mass propagation of a threat, the social network seems like a pretty good place to find people.”

Shortened URLs have become a popular way to launch social networking attacks. The report found that 65% of malicious links in social networking news feeds used shortened URLs. Of these, 73% were clicked 11 times or more, with 33% receiving 11 to 50 clicks.

“We have seen the increased usage of shortened URLs to try and hide the fact that a social engineering trick is being played and that a bad guy is attempting to send you to a site that either has spam or will infect you with malware…. This has been a pretty effective way of fooling users and we expect to see a lot more of this in the future”, Haley said.

The report also found that the Phoenix toolkit was responsible for the most web-based attack activity in 2010. This kit, as well as many others, exploits vulnerabilities in Java systems, which accounted for 17% of all vulnerabilities affecting browser plug-ins in 2010.

Overall, there were 6,000 vulnerabilities in 2010, a “dramatic increase” from 2009, Haley said. At the same time, there were 14 zero-day vulnerabilities, a slight increase over the previous two years, he added.

In 2010, the report found 163 vulnerabilities in mobile platforms that could be used by attackers to gain partial or complete control over devices running popular mobile platforms. In the first few months of 2011, attackers have leveraged these vulnerabilities to infect hundreds of thousands of devices, the report found.

“We think that the real storm is coming…. We believe that attackers are waiting for the financial motivation to move to cell phones, where they can make as much money by attacking cell phones as they can by using PCs to make money. The rest of the pieces are in place. You have mobile operating systems with broad adoption, and there are vulnerabilities in them”, he warned.
