NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0307 Hackers Target Browser Plug-ins:


Hackers unleashed a record number of malicious code threats in the first six months of 2007, according to Symantec Corporation, with the most dangerous targeting vulnerabilities in browser plug-ins - the weak link in Web2.0. The vice-president of engineering for Symantec's security response group said "Web2.0 is barely coined [as a term], and we're seeing hundreds of vulnerabilities aimed at it." They report, there has been a massive increase in the number of malicious threats, thanks to automation. In six months, an increase of 185% was seen in the number of samples of malicious code. And they weren't just variants, but entirely new binaries. Accroding to Symantec's just-published Internet Security Threat Report, the security vendor tagged 212,101 malware threats during the six-month stretch from January to June 2007. Trojans made up the majority of the top 50 threats. Broswer plug-in issues went through the roof. Symantec documented 237 plug-in vulnerabilities in the first half of the year, compared with just 74 in the second half of 2006, a 320% jump. ActiveX controls, Microsoft's plug-in technology that it and numerous third-party developers use, made up the bulk of the buggy plug-ins, but others, including Apple Inc.'s QuickTime and Adobe Systems Inc.'s Acrobat Reader. The former accounted for 18 vulnerabilities in the first six months, for example, while two flaws were identified in the latter. The Symantec report, which is published twice annually, can be downloaded from the company's site.

(ComputerWorld 17SEP07)


Valid XHTML 1.0! Valid CSS! Counter Image
Last Modified: Saturday, 27-Oct-2007 18:41:12 EDT