Analysis of an exploit pack: IE6 still most commonly exploited target
Security provider Prevx has published the statistics of a publicly available exploit pack . According to Prevx, the Fiesta 2.4 exploit pack, costing around $850, contains 25 different exploits designed to infect users with malware when they visit certain web pages. The exploits include modules for Adobe Reader, DivX, Yahoo Messenger, Quicktime, MSDAC and various ActiveX controls.
Of the 1422 users visiting the infected web page with Internet Explorer 6.0, about 30 per cent got infected with malware. For Internet Explorer 7, only 103 out of 1547 visits, or 6.6 per cent resulted in an infection during the monitored period. Only 13 users reached the specially crafted page using the beta version of IE8, but one of them still got infected.
According to the Fiesta 2.4 statistics, Opera and Firefox users faced a considerably lower risk. 172 out of a total of 2266 (7.5 per cent) Opera (versions 7.50 to 10) users ended up compromising their machines. Although Fiesta counted 4441 visits by Firefox users, not a single infection was registered. Prevx didn't comment about whether this was due to missing modules. This is highly probable, however, because according to the statistics, no infections were registered for Firefox 0.x, 1.x or 2.x – while there are numerous holes suitable for compromising a computer in all of these versions. Nevertheless, it seems that choosing an alternative browser is a good way of avoiding many attacks.