Exploit Prevention Labs' Threat Center publishes a monthly Exploit Prevalence Report. This report measures the top web-borne exploits based on real-world data. The results are derived from automated reports submitted by LinkScanner users in addition to information captured from the company’s network of hunting-pots.
The following is a summary of the top five most-reported web exploits as a percentage of overall exploit occurrences for April 2007:
| Exploit | % | Description |
| --- | --- | --- |
| Link to known exploit site | 27.42 percent (new) | Not an exploit per se, Link to known exploit site is simply an attempt to link to a known exploitive site. There are several known sites and it is the aggregation effect rather than the actual potential for damage that has pushed it to the top of the list. |
| Modified MDAC | 23.92 percent (40.38 previous) | MDAC refers to a creative method of using certain ActiveX controls in a context Microsoft did not originally intend. An ActiveX control is instantiated inside a web script that allows files to be written to disk and executed. |
| ANI | 11.9 percent (5.28 previous) | Originally discovered and used by a group of Chinese hackers, the exploit takes advantage of Windows’ handling of animated cursor (.ani) files. It infects fully patched Windows XP SP2 machines running IE 6 or 7. |
| Q406 Roll-up package | 9.33 percent (19.24 previous) | Comprising up to a dozen exploits including Setslice, VML, XML and IE COM CreateObject Code, the package is usually heavily encrypted. |
| WebAttacker 2.0 | 9.1 percent (new) | A new pre-package of current exploits, WebAttacker 2.0 uses similar distribution methods to earlier WebAttacker output. Hackers can purchase the package on underground markets and use it just like commercial software. |
Note: Numbers above do not add up to 100 percent, due to the following lesser-reported exploits: TROJAN FAKE CODEC (3.27% vs. 6.6%), Iframers launcher script (2.45% vs. 3.96%), NeoSploit (2.1% vs. 0.32%), link to known Rootkitter (1.98% vs. 4.72%), others (6.96%).