New Research Details Web-Based Threats Targeting End Users; Includes Sophisticated Search Engine Optimization Attacks, and Fake Anti-Virus Installs
The Q1 2010 State of the Web report, released this week by Zscaler, offers opinions on the enterprise threat landscape and various threats targeting Internet end-users. In its report, Zscaler’s research team details several growing threat vectors, including attackers leveraging search engines and growing fake anti-virus threats.
One disconcerting finding is that the threats persist even though we are aware of them. Michael Sutton, vice president of security research at Zscaler, comments that “not only are attacks getting more and more sophisticated and targeted, but knowledge of them—such as the big botnets—isn’t making them go away.”
Among the numerous findings in the report, a few top ones include:
- Google services (search, Gmail, blogs, groups, etc.) are topping the list of threats that result in malicious software being downloaded and installed without end-users’ knowledge or consent.
- End-users are falling prey to numerous social engineering schemes; at the top of the list, 13.58 percent are aggressively being tricked into running fake anti-virus.
- The Eleonore exploit kit makes up roughly 5 percent of browser exploits and growing.
- Phishing exploits in the huge ponds of Facebook and World of Warcraft (WoW) are yielding big catches.
- Mature botnets, such as Monkif, Torpig, Zeus and Koobface, continue to survive and thrive in spite of industry awareness and efforts to thwart them.
- Zero-day vulnerabilities are forcing enterprises to abandon IE6, but usage of the nine-year-old Web browser still remains unacceptably high.
- Big news events throughout the quarter, including the tsunami in Chile, Apple’s iPad release and Toyota’s massive recall, were efficiently leveraged by attackers for the purpose of social engineering.
- A graphical Hilbert Curve representation of the Web shows that despite reports stating we’re running out of IPv4 address space, much of the Internet actually remains untouched.
“Attackers are continuing to refine their methods and when opportunities arise, they are able to deploy effective attacks within minutes,” explains Sutton. “Whether employing black hat SEO tactics, infecting legitimate sites or spreading fake anti-virus software, they are repeating practiced and automated attack techniques that are succeeding with frightening efficiency.”