Report: Symantec says PDF readers and IE are biggest targets
According to a Symantec study, Germany is becoming the biggest disseminator of malware in Europe. The study shows that 12% of the malware circulating in Europe in 2009 was being actively disseminated by German computers, making it number one in the field, ahead of the UK (9%) and Russia (8%). Germany also leads the field in botnets, largely used for sending huge volumes of spam, where it has a 14% share of the worldwide total.
The ten largest botnets control at least five million compromised computers and are reported to be responsible for 85% of the 107 billion spam e-mails sent daily. The UK, by contrast, leads the field in attacks using fake websites, having knocked last year's leaders, the Ukraine, off the top spot.
According to the annual Internet Security Threat Report, in 2009, the vulnerability in Microsoft's implementation of the SMB2 protocol was one of the most frequently attacked vulnerabilities. This is a little surprising, since the problem was only present in Windows Vista, Server 2008 and the Windows 7 release candidate and it can only usually be exploited on a LAN, as all SMB-related ports are usually blocked by firewalls, meaning that remote attacks are usually impossible. Symantec suggests that the high figure can be put down to the inclusion of exploits for the vulnerability in many freely available penetration test tools.
Attacks via infected websites mainly made use of vulnerabilities in PDF readers, such as Adobe Reader, with 49% of all web-based attacks utilising infected PDF files. Coming in a distant second, with 18% of attacks, was an ADODB vulnerability in Windows – a vulnerability which is now seven years old. Third and fourth places were taken by vulnerabilities in Internet Explorer.
Symantec's experts have also discerned a link between cyber-crime and the presence of a well-developed broadband network. The report notes that Germany has a very well-developed internet infrastructure, with the highest level of broadband up-take in Europe. This may also account for the high proportion of phishing hosts (where criminals site temporary fake banking websites to attract victims) in Germany, which is the world number 2 in this field.
Countries such as Brazil, Vietnam and Russia, which are now starting to build fast broadband networks, have moved up the rankings for dissemination of malicious code. In these countries attackers can expect to find large numbers of unskilled and inexperienced users who are easily conned. Experts suspect that criminals may also be moving their activities to such regions to escape the enhanced level of counter-measures being undertaken by governments in the industrialised nations.
In producing the study, the specialists analysed data obtained by Symantec from millions of intrusion detection systems. The company also monitors communications from hackers and operates a number of honeypots. The complete report from Symantec is available to download: Symantec Global Internet Security Threat Report.
- Microsoft has known of the SMB2 hole for some time, a report from The H.