Published 19th September 2006
An increasing number of vulnerabilities are being detected that allow attackers to take remote control of compromised computers, increasing the chances of users falling victim to online fraud and identity theft...
Last week three new vulnerabilities (MS06-052, MS06-053 and MS06-054) were detected which could allow remote attackers
Over the last few months we have witnessed a notable increase in exploits of security problems in commonly-used programs that could allow remote attacks by cyber-crooks. This situation is due to the new malware dynamic in which the main objective is financial gain. Internet criminals are concentrating their efforts on discovering and exploiting security problems that allow them to harvest as much confidential user data as possible. This data is then used for online fraud and identity theft.
In particular, criminals are on the lookout for vulnerabilities in applications installed on millions of computers. Last week, for example, Microsoft released the MS06-052, MS06-053 and MS06-054 patches corresponding to security problems in products such as Internet Explorer or Microsoft Office.
According to Luis Corrons, director of PandaLabs: “Cyber-crooks are more active than ever when it comes to exploiting new vulnerabilities. However, as this is not causing large-scale epidemics that attract the attention of the media, users are largely unaware of the seriousness of the problem and are frequently lax when it comes to updating their systems. This in turn makes life yet easier for the criminals.”
One notable example of the new malware dynamic is the MS06-040 vulnerability, perhaps the most serious of those detected recently. It only took a few hours until the Oscarbot.KD worm started to exploit it. The aim of this worm was not to spread to millions of computers in just a few minutes, but to allow an attacker to take all sorts of actions on infected computers.
“Many of the vulnerabilities detected are being exploited by targeted attacks, i.e., attacks designed to affect one or maybe a handful of specific users. This often involves using personalized social engineering techniques to trick a user into running an infected file,” adds Corrons.
Targeted attacks are just one of the problems in the current Internet threat panorama. These attacks frequently use malicious code designed à la carte and sent to a limited number of potential victims, so users are generally unaware of their presence. Because the code remains hidden on systems, security companies are also oblivious to it and therefore cannot generate the corresponding vaccines.
“At present, proactive technologies which can detect threats without the need for updates are a vital component for protecting computers. It is also essential to visit the web pages of software developers from time to time to ensure that applications on your computer are up-to-date,” explains Corrons.
To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code, free from http://www.pandasoftware.com/partners/webmasters/
More information about the vulnerabilities and malicious code described above is available from Panda Software’s Encyclopedia.