Internet Explorer and Adobe Reader - Most Targeted by Online Attacks

Security firm Symantec has highlighted that Internet Explorer and Adobe Reader remained the two programs that were most exposed to the online attacks, as dramatic surge was noticed in these attacks in 2009, as per the news published by TechCentral.ie on April 20, 2010.

The Annual Internet Security Threat Report from the firm revealed that the bug in the implementation of SMB2 protocol of the Microsoft was among the most often abused flaws in 2009; Adobe's Reader and Flash Player and Internet Explorer 7 related issues followed it.

It is notable that the problem affected only Windows Vista, Windows 7 and Server 2008 versions and, in most of the cases, it can only be abused on a Local Area Network, since SMB-related ports are generally blocked using firewalls, indicating almost zero possibility for remote attacks. Thus, it seems a bit surprising.

PDF file downloads were reported as the most common method employed for these assaults, as they represented nearly 50% of all online attacks. This is followed by 6 attacks on Internet Explorer, 2 on MPEG2 ActiveX Controls and 1 on Adobe SWF (Shockwave Flash).

However, despite being the most frequently targeted browser, Internet Explorer was reported with 45 vulnerabilities, against 169 vulnerabilities detected for Firefox.

The Symantec report also stated that the data clearly shows that it's not necessarily the number of vulnerabilities in software, but its position in the market and the availability of exploit code that determine the level of attacks on that software.

The security firm has also listed 321 bugs in browser plug-ins in 2009: 134 in ActiveX technologies, 84 in Java SE (Standard Edition), 49 for Adobe Reader, 27 in QuickTime, 23 in Adobe Flash Player, and 4 in Firefox extensions.

Making a special appeal to Apple, Symantec advised the former to enhance its efforts to fight with the increasing volume of threats attacking Safari browser, as 94 new vulnerabilities have been detected in the browser in 2009.

Symantec noted that it takes Apple around 13 days to issue a patch for Safari, while with Firefox and Internet Explorer it's just few hours of exposure before a patch is released.

Related article: Internet Threat Volumes Overwhelm Security Companies

» SPAMfighter News - 5/4/2010