Contributor: Sean Hittel
In the latest edition of the Threat Intelligence Report, we take a look at how Web attack toolkits are one of the largest risks to Internet security out there today. But unlike viruses, Trojans, and worms, they’re not a threat to an end-user in the traditional sense. Attack toolkits are more akin to a pizza delivery service. Only in this case the “pizza” is malicious code and the “customer” is the unsuspecting, and often unpatched, user.
Attack toolkits are a means of delivery for malicious code, and a very effective one at that. As we mentioned in volume 17 of the Internet Security Threat Report, Web attack toolkits made up almost two-thirds of all malicious activity on malicious websites in 2011. And that number continues to rise—there are currently three times as many Web attacks occurring right now than there were on average during the last half of 2011.
While the numbers are up across the board, the players in the game have changed somewhat. We still have our heavy hitters, such as Blackhole and Phoenix, but some of the bigger toolkits have all but disappeared since last year—NumDir and QQK for instance.
By far, the undisputed champion of attack toolkits is Blackhole, responsible for close to half of all recorded attacks. At some point in the last six months various toolkits have challenged, but Blackhole remained on top almost the entire time—at one point making up for close to 80 percent of all attacks.
It’s not just the end-user who is impacted by attack toolkits. In the Threat Intelligence Report, we highlight how personal and small business websites—if your webserver isn’t properly patched and secured—could play host to an attack toolkit. In fact, just last week reports surfaced of attackers compromising unpatched servers and installing the Blackhole attack toolkit on these systems.
This month’s Threat Intelligence Report also discusses how attack toolkit exploitation mechanisms have evolved over time, along with many other topics. You can download a copy of the report now.