Given the increase of malicious activity in the current threatlandscape, consumers need to be more cautious when browsing theInternet. Web browsers are now supporting an increasing number oftechnologies. The more a Web browser has to deal with, the more likelya security hole will be inadvertently coded into it. Therefore, it's nowonder attackers are targeting the growing number of vulnerabilities inWeb browsers.
Over the last six months of 2006 we have been tracking thedistribution of attacks targeting Web browsers. The results show thatMicrosoft’s Internet Explorer leads with an extremely large margin inthe number of attackers targeting it. The primary focus of attacksseems to target ActiveX controls; ActiveX controls are not strictly apart of the browser, but simply provide functionality that can be usedby the browser. This brings into question the security viability ofMicrosoft’s latest version of their popular browser Internet Explorer 7.
As spring quickly approaches, the Internet continues to grow into amore and more complex world driven by commerce. Businesses have longsince moved in and millions of dollars change hands every day online.Along with big business comes organized crime. Perhaps not necessarilythe organized crime immortalized in stories like The Godfather or The Sopranos,but Internet crimes are carried out in an organized way designed toconnect the theft of a single person’s user account credentials to abuyer on the mass market for illegal information. Throughout thisorganization, bots play the leading role.
Bots, once used primarily by their owners to carry out denial ofservice attacks driven by grudges, bragging rights, or politicalmotives, have been firmly incorporated into the toolkit of organizedcrime on the Internet. Bots can do pretty much anything: carry outattacks, host spam relays, carry out DoS attacks, host phishing sites,and log keystrokes on the computer they...
The Internet attack threat landscape has definitely changed. Long gone are the days when it was easy for bot network owners and script kiddies to run their favorite publicly available exploit for the vulnerability of the week. They could take control of as many computers as they bothered to take the time to attack. Really, the flurry of remotely available network-based vulnerabilities and their corresponding attacks that exploded in the first few years of the twenty-first century were culminations of the type of attack that was exploited by the Morris Worm, back in 1988. Microsoft Windows was the ideal target: coded for commercial purposes, security was still in its infancy and it was ripe for the harvest.
Today, perimeter security technologies, such as firewalls, are a part of the standard vocabulary of your average computer user. Microsoft even packaged one with their operating system and enabled it by default, quickly making opportunistic attacks...
