Exploit Prevention Labs
Threat Center

Exploit Prevention Labs' Threat Center publishes a monthly Exploit Prevalence Report. This report measures the top web-borne exploits based on real-world data. The results are derived from automated reports submitted by LinkScanner users, in addition to information captured from the company’s network of hunting-pots.

 

Exploit Prevalence Results for the Month of July 2007
The following is a summary of the top five most-reported web exploits for July 2007:

| Exploit | Rank last month | Percent of Overall Occurrences | Description |
| --- | --- | --- | --- |
| TROJAN FAKE CODEC | 2 | 29.4% (21% previous) | This Russian social engineering tactic tricks people into downloading a rootkit by telling them they are downloading a simple codec when they attempt to view videos of Paris Hilton, Britney Spears or other celebrities. |
| Modified MDAC | 1 | 22.6% (32.8% previous) | MDAC refers to a creative method of using certain ActiveX controls in a context Microsoft did not originally intend. An ActiveX control is instantiated inside a web script that allows files to be written to disk and executed. |
| WebAttacker 2.0 | New | 8.3% | A new exploit package consisting of MDAC and other zero-day exploits. Thompson is calling it WebAttacker 2.0 because its distribution method is eerily similar to WebAttacker's. |
| IE Com CreateObject code | 5 | 6.8% (7.4% previous) | IE Com CreateObject was originally released in August 2006 as a proof of concept. The exploit creates a COM object in a mode that was never anticipated by Microsoft. Although it was intended for some useful purposes, the functions it enables, such as saving files to the disk or executing a file on the disk, are potentially dangerous in the hands of a cyber criminal. |
| Q406 Roll-up package | New | 5.5% | Comprising up to a dozen exploits, including Setslice, VML, XML and IE COM CreateObject Code, the package is usually heavily encrypted. |

Note: Numbers above do not add up to 100 percent, due to the following lesser-reported exploits: Search engine hijack (5.4% vs. 3.74%), iFramers Launcher Script (2.9% vs. 3.46%), WMF (CVE-2005-2124) with known payload (2.7% vs. 3.07%), others (19%).