WebAttacker

31.90%

WebAttacker is a Russian-built software application, first introduced about 20 months ago, which currently launches five different exploits, including the new IE VML Overflow, the new MDAC, a Firefox exploit, CreateTextRange, and an exploit for the Java Virtual Machine. Like a commercial software application, WebAttacker can be purchased online – but on underground hacker web sites - for between $20 and $300, and requires minimal technical sophistication to use. The application is updated every few months, just like legitimate commercial software, only it is crimeware. A new update of WebAttacker, incorporating the IE VML exploit, was released on Exploit Wednesday (the day after Patch Tuesday).

CreateTextRange (CVE-2006-1359)

15.87%

Released March 2006. This is a buffer overflow attack affecting Internet Explorer that enables the execution of arbitrary code, usually a downloader - a program whose job is to download and install another program such as a rootkit or a keylogger. Patched in April by Microsoft, this exploit remains a credible threat.

MDAC

12.94%

Although technically not an exploit, MDAC refers to a creative method of using certain ActiveX controls in a context for which Microsoft did not originally intend them to be used. They instantiate an ActiveX control inside a web script that allows files to be written to the disk and executed.

IE VML Overflow

10.79%

A buffer overflow exploit in the Vector Markup Language feature of the Internet Explorer browser that allows execution of arbitrary code. Security researchers believe it was released on the 13th or 14th of September, right after Patch Tuesday on the 12th. The exploit affects most versions of IE. Microsoft issued an out-of-cycle patch September 27.

TriMode

(6.32 percent vs. 2.74 previous)

A launcher script discovered by Exploit Preventions Labs on May 23, 2006. An encrypted script that attempts to launch three different exploits.