M86 Security Labs report for the second half of 2011

IRCRE201203090
 
 
The M86 Security Labs team prepared this report, which covers key trends and developments in Internet security from July–December 2011.
Many interesting trends emerged during the period, though some stood out as particularly noteworthy. Targeted attacks have grown even more sophisticated, with evidence that cybercriminals are pursuing not only commercial organizations, but government and infrastructure targets as well. Moreover, with the growing use of fraudulent and/or stolen digital certificates, these attacks have become more successful and evasive.
 
World Malware Map
 
The World Malware Map shows the distribution of malicious Web content around the globe. It pinpoints the location of the server that hosts the actual exploit or malicious content, which is usually different from the location of the compromised server. Pages on compromised servers often include only injected IFRAMEs that point to other malicious servers where the actual exploits reside.
The U.S. continues to be the country that hosts the largest share of malicious Web content, hosting nearly half of the malicious content around the world (49.2%). A breakdown of the common exploits in the U.S. is provided in the “Geographical Distribution of Web Exploits” section. Russia hosts the second-largest number of malicious pages at 6.0%. The high quantity of malicious servers located in this country is not surprising because several groups that author and distribute malware, including exploit kits, operate from Russia. Sixty-three percent of the malicious content hosted in Russia is located in Moscow and its suburbs.
Germany hosted 5.9% of malicious Web content; the most common exploits there target Internet Explorer (CVE-2006-0003), Java (CVE-2010-1423) and Office Web Components (CVE-2002-0727).
China also hosts large amounts of malicious Web content (4.5%). The most common exploits in China target older versions of Microsoft Internet Explorer. According to public information, version 6 of Internet Explorer, which was released back in 2001, is still commonly used in China, and therefore is an excellent target for attackers there.
 
The countries hosting the largest shares of malicious Web content are:
 
Spam Volume Index Falls Further
 
Throughout 2011, the volume of spam remained at historically low levels, reflecting substantial changes in the underground spamming ecosystem. M86 Security’s proxy for spam volume movements is the M86 Security Labs Spam Volume Index (SVI), which tracks changes in the volume of spam received by a representative bundle of domains. During mid-December 2011, the SVI bottomed out at around 1,000, half of what it was in June 2010, and at the lowest level we have seen since 2007, when the index was first used.
 
 
Despite the impressive volume, the wave did not last long. Beginning in November, there was a marked shift away from using email attachments to using links to malicious code hosted on the Web. The themes stayed the same (for example, ACH notifications), but the way the malware is delivered is different.
 
 
Increasing Use of Fraudulent Digital Certificates
One of today’s Internet challenges involves how to achieve trust between entities that need to communicate in a confidential way. One of the solutions is to use digital certificates that assert the online identity of entities taking part in Web transactions. Websites present certificates to prove their identities. Similarly, files can be signed with digital certificates to prove their origin.
Operating systems, browsers and other products allow the execution of software which is signed with valid digital certificates—without warning the users or asking their permission. This is why cybercriminals are so eager to steal and fake digital certificates—to allow the execution of malware on the victim’s machine without being noticed.
And indeed, although most Certificate Authorities (CAs) issue certificates according to standards and attempt to secure their infrastructures, several cases over the last few months demonstrated how fragile and deceptive this model could be.
 
  


 
Date created: 21 Esfand 1390
