Over 50% of Enterprise Users Work with Expired Adobe Reader Versions, Reports Zscaler

Zscaler the cloud security vendor recently published its security research paper titled "State of the Web Report for Q2-2011" according to which, 56.46% of computer-users within enterprises work with outdated versions of Adobe Reader causing them to become targets of client-side crime toolkits like the Blackhole Exploit Toolkit that's used for exploiting security flaws within Java and Adobe Reader.

Articulating at this juncture, Vice-President Security Research Michael Sutton at Zscaler stated that for maintaining security, updating and patching software applications were most important because the current assault trends focused on hijacked expired plug-ins. Indeed, large-scale hacking assaults hitting the news recently apparently had been occurring via hijacking merely one plug-in affecting a company, he recalled. ZDNet.com published this on August 9, 2011.

Sutton further stated that unsurprisingly, online-miscreants adapted very fast. Essentially, it was because of exploitation kits aiding in developing web-oriented malicious software of modular nature that it was possible to increase attack codes for striking certain exploitation medium during a given period. Within the current instance, cyber-criminals would abuse the outdated Adobe Reader during the intervals of the remaining client-side attack codes they'd obtain, he added.

Moreover, according to the new research paper, traditional PC-viruses keep on being a danger for businesses, while they attempt fresh twists for foiling conventional anti-viruses and their signature scans. For instance, all through Q2-2011 the JS/Crypted Trojan virus represented that signature which was blocked most number of times. This signature recognizes client-side assaults along with malware staying concealed inside encrypted JavaScript for escaping notice.

Furthermore, during Q2-2011, security software blocked one transaction in an aggregate of 500. Recently, Zscaler also observed that the efficacy of standalone AV scrutiny was declining while attackers kept on abandoning binary-based assaults while opting for web-based ones such as JavaScript, which were dynamic as also were commonly inserted into authentic websites that had been compromised. Additionally, among the total malevolent blockages witnessed during Q2-2011, 8.14% were contaminated websites prevented via inspection of real-time content.

Finally the research paper as well outlines deceptive-diversion from contaminated nodes onto vibrant attack sites serving like one more prominent reason for the rise in malware during Q2-2011.

Related article: Opera 9.1 Browser Introduces phishing Alert

» SPAMfighter News - 8/19/2011