Mike Geide, senior security researcher for Zscaler ThreatLabZ, cautioned that users of Zulu send suspicious websites to be tested, so the results are likely to be skewed from the general website population. “Keep in mind that the service is meant to be receiving suspicious websites and reporting results on those sites”, he told Infosecurity.
The State of the Web report found that users are slow to update browser plug-ins and attackers know it, as witnessed by the Flashback Trojan, which infected over 650,000 Macs by exploiting a Java vulnerability. However, the situation is improving. In the second quarter, 35% of installed Adobe Shockwave plug-ins were outdated, down from 52% in the fourth quarter of 2011.
Adobe Acrobat was the worst in terms of updating, with close to 62% of plug-ins being outdated in the second quarter, followed by Adobe Shockwave with 38%, Microsoft Outlook with 5.7%, and Adobe Flash with 4.3%.
“Outdated plug-ins are vulnerable to exploitation, and the bad guys know that”, Geide observed.
Zscaler also identified a number of prominent websites – online ticket seller Cleartrip, Computerworld Mexico, and the French Minister of Budget – that were compromised and were redirecting visitors to malicious content.
“We noticed that we had some signatures triggering on those pages. We were blocking transactions to those sites. When we dug in to find out what was going on, we found that they had been compromised and were redirecting traffic to an attacker’s website that contained an exploit kit”, Geide noted.
In addition, the report found that social networking sites accounted for 4% of the websites blocked by enterprises at the end of the first quarter, up from only 2.5% at the beginning of the quarter.