Out-of-date browser plug-ins are attractive targets for cybercriminals

For example, Adobe Reader is installed in 83% of enterprise browsers, and 56% of those installations are out of date, according to the report, which is based on a review of enterprise web traffic flowing through Zscaler’s cloud-based web and email security product.

“That is a huge attack surface….This is really what the attackers are going after”, commented Michael Sutton, vice president of research at Zscaler ThreatLabZ.

The Blackhole exploit kit has picked up on this and includes a variety of payloads designed to target recent Adobe Reader vulnerabilities, the report noted.

The State of the Web report also found that Apple iOS has taken the lead in the workplace, with 42.4% of the mobile device usage on corporate networks, followed by Blackberry with 40.2% and Android with 17.4%.

Sutton, who is an author of the report, told Infosecurity that he believes that iOS is a more secure platform than Android. “Looking at those trending numbers, enterprises can be a little more comfortable that they are focusing more on iOS than Android.” At the same time, he is concerned that Apple does not closely review applications available on the Apple Store for security problems.

The report found that social networking made up a whopping 53.3% of the browsed web applications in the enterprise. Webmail was a distant second, with 15.7% of the browsed web applications, followed by instant messaging with 9.3%, streaming media with 7.55%, and web search with 2.26%.

In terms of security, “what companies have to do is inspect [social networking] traffic in real time. That is the only way you are going to keep up. If you try to block it, employees will find a way around it”, Sutton commented.

In addition, the report found that Zeus configured URL was the number one family of malware detected in the second quarter, followed by Grum/Tedroo spam trojan, trojan Brontok, trojan Sality, Cnzz/Baidu spyware, Rimecud worm, trojan Hiloti, Win32 Cycbot, trojan KLog, and hostile encoded JS (generic).

The report found that the top five sources of malware in the second quarter were fake anti-virus landing pages, Blackhole exploit kit pages, malicious iFrame detected, Java game trojan downloads, and CVE-2010-0249 exploits.

“Several high-profile hacks and attacks were performed last quarter based on these methods, including the attack against the usps.gov website in which encoded JavaScript was used to inject an iFrame to redirect browsers to a site hosting malware from the Blackhole exploit kit”, the report noted.

Also, Zscaler found that the JS/Crypted was the top virus signature blocked. This signature family identifies client side attacks and malware hiding within encrypted JavaScript in order to avoid detection.

In the second quarter, Zscaler saw the following trends in common exploit kits: traditional virus signatures, obfuscated with JavaScript, shellcode in and outside of JavaScript, and malicious redirection from infected endpoints to dynamic attack pages

The Zscaler report found that the top 10 malicious sites for the second quarter were trafficconverter.biz (Conficker infection); muza-flowers.biz (Rustock infection); h1.ripway.com (AutoIt/AutoRun infection); acreunagoias.com.br (Bancos infection); gwc2.wodi.org (Lukicsel infection); cf.mimagoo.com (Adware DuckPlay installed); code.etracker.com (W32 Virut infection); xml.sahcdn.com (ShopAtHome Adware installed); clckil.com (TDL/TDSS infection); and ha81naoo0o0.com (FakeAV infection).

What’s Hot on Infosecurity Magazine?