These zero-day attacks represent a serious threat to users. However, this post will not be getting into specifics on zero-day attacks or the current problems caused by exploit code being released pre-mitigation. Our U.S. Thanksgiving Malcode of the Week entry is going to take a look into the fact that many users are not patching at all.
In most cases, Proof-of-Concept (POC) exploit code is released in conjunction with, or shortly after, zero-day announcements (see last week’s post for details there). This usually results in months of copy-cat attacks that still work well against unpatched machines. It is not uncommon for us to see web exploit code that uses vulnerabilities that were patched years ago.
A recent investigation into our web server logs revealed that around 7% of all visitors to our web site were using a browser that was vulnerable to some sort of attack. Browser identification via user-agent strings may not be completely accurate, but it does give a rough idea of how far behind some people are. 7% may not be a large percentage, but it still represents a frighteningly large number of individuals.
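One way to run the kind of log check described above, as an added example that is not from the original post: it counts distinct visitors in Combined Log Format lines and flags browsers below a patch baseline. The versions in `MIN_PATCHED`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Hypothetical baseline (assumption): replace with your own minimum patched versions.
MIN_PATCHED = {"MSIE": (7, 0), "Firefox": (2, 0)}
# Combined Log Format: client IP is the first field, user-agent the last quoted field.
LOG_RE = re.compile(r'^(\S+) .*"([^"]*)"\s*$')
UA_RE = re.compile(r'(MSIE|Firefox)[ /](\d+)\.(\d+)')

# Constructed sample log lines (documentation IP range, not real traffic).
P = '- - [22/Nov/2006:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-"'
SAMPLE = [
    f'192.0.2.10 {P} "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    f'192.0.2.10 {P} "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    f'192.0.2.11 {P} "Mozilla/5.0 (Windows; U) Gecko/20061010 Firefox/2.0"',
    f'192.0.2.12 {P} "Mozilla/5.0 (Windows; U) Gecko/20060909 Firefox/1.5.0.7"',
    f'192.0.2.13 {P} "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    f'192.0.2.14 {P} "Googlebot/2.1 (+http://www.google.com/bot.html)"',
]

def classify(ua):
    """Return 'outdated', 'current' or 'unknown' for one user-agent string."""
    m = UA_RE.search(ua)
    if not m:
        return "unknown"  # crawlers and browsers outside the baseline table
    version = (int(m.group(2)), int(m.group(3)))
    return "outdated" if version < MIN_PATCHED[m.group(1)] else "current"

def outdated_share(lines):
    """Share of distinct visitors (IP + user-agent) below the baseline, plus counts."""
    visitors = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # repeated requests from the same visitor collapse to one entry
            visitors[(m.group(1), m.group(2))] = classify(m.group(2))
    counts = Counter(visitors.values())
    share = counts["outdated"] / len(visitors) if visitors else 0.0
    return share, dict(counts)

if __name__ == "__main__":
    share, counts = outdated_share(SAMPLE)
    print(f"{share:.0%} of visitors below baseline: {counts}")
```

User-agent strings can be spoofed or rewritten by proxies, so the result is an estimate of patch lag, not an inventory.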
For more in-depth statistics on what exploits are working, we turn once again to Web-Attacker. We compiled statistics from a number of live Web-Attacker installations and then excluded vulnerabilities for which patches were available. The graph below represents the percentage of users in each country that were successfully exploited by a vulnerability that had been patched long before their computer was compromised. This is particularly interesting as it could allow attackers to regionalize their attacks, targeting specific countries/regions with exploits designed for their browser/OS types.

Note: Only countries with a significant number (> 250) of infections are included.
Statistics like these make it clear that zero-day attacks are not the only weapons utilized by attackers. Several years from now, there will still be malicious code out there attempting to exploit today’s zero-day vulnerability, and there will still be an unpatched computer somewhere just waiting to be compromised.
So, between turkey bastings, go make sure your computers are patched (and keep them that way)!

Happy Holidays Everyone.