Java to be the Top Attack Target in Q3-2012
In the Q3-2012 release of malware Threat Report, Oracle's Java platform was reckoned to be the most famous target.
According to the security firm, Kaspersky, 56% of all the online attacks in its security network hunted un-patched Java flaws as a doorway to malware attacks.
Researchers however hold the view that the popularity of Java along with factors like the lack of a set update schedule or automatic installation mechanism aided the language to become a target for malware writers and automatic exploit kits.
Oracle claimed that around 1.1 Billion of computers have obtained the installation of various versions of these vulnerabilities. Further, the updates of this software are installed on demand rather than automatically, which increases the lifetime of vulnerabilities, as per Kaspersky researcher, Yury Namestnikov, as published by v3.co.uk on November 2, 2012.
Also, the Java exploits are adequately easy to utilize under any Windows version and with some additional work by cybercriminals as in the case of Flashfake, cross-platform exploits can be formed.
In the meantime, Adobe's Acrobat Reader secured the second position according to the study, in terms of vulnerable applications targeted by the exploits during the third quarter, accounting for 25% of all the malicious attacks.
Unremitting growth of cyber-espionage is yet another feature noted by Kaspersky. The third quarter witnessed an excess of espionage-related incidents according to Kaspersky. Madi, Gauss, and Flame were the most noteworthy malware activities mostly distributed in the Middle-East.
The C&C server development of Flame started in the early 2006 and it is one of the most extensively analyzed malware systems. Analyzing the comments left in the source code, it can be said that at least four programmers developed the project. Three communication protocols support the C&C code. However, one of the most important finding indicates its ability to handle request from four malicious programs, codenamed by the authors including SP, SPE, FL and IP. Among them, only Flame and SPE (i.e., MiniFlame) have so far been identified.
Thus, from the present analysis in the report, Kaspersky denoted that the story of cyber-espionage is set on a domineering phase to continue in near future as well.
Related article: Job Hunters Conned By Mystery Shopping Scammers
» SPAMfighter News - 08-11-2012