Exploit Prevalence Survey Released

Engineering attacks on the rise with fake codecs and storm botnet spam

Dark Reading Staff, Dark Reading

September 5, 2007

2 Min Read
Dark Reading logo in a gray background | Dark Reading

ATLANTA -- Exploit Prevention Labs, developer of the LinkScanner line of safe surfing software that protects against exploits, phishing, and other social engineering attacks, today released the results of its Exploit Prevalence SurveyT for July and August. Now in its second year, the Exploit Prevalence

Survey is the industry's only survey to use real-world data to definitively measure the impact of the most widespread web-borne exploits. Results are derived from automated reports submitted by LinkScanner users combined with data collected from all levels of the company's multi-faceted research network.

According to Roger Thompson, co-founder and CTO of Exploit Prevention Labs and the manager of the monthly Exploit Prevalence Survey, one of the more interesting trends to emerge over the summer has been the increasing use of social engineering tactics to spread exploits.

The most notable example has been what Thompson calls the TROJAN FAKE CODEC,

which held the number one position as most widespread exploit for both July and August. Web surfers are offered free videos of famous celebrities such as Britney Spears and Paris Hilton, but when they click a link to view the video, they're presented with a popup box that tells them they need to download a codec (software required to download and view streaming media) to view the video. What actually happens is that the user's PC is infected with a drive by-download of a rootkit that conceals running processes, files or system data, helping the intruder to access the user's system without their knowledge.

The people behind the ongoing Storm botnet, a network of thousands of innocent personal computers commandeered to transmit spam, have also been leveraging social engineering tactics to dupe surfers into downloading malicious exploits.

"In July, we began to see a new surge of greeting card scams, in which users

are invited to click on a hyperlink to view an e-card from someone who claimed to know them," said Thompson. "But when users clicked on the link, they were

instead taken to a malicious web page that attempted to download the Q4 Rollup exploit, an encrypted cocktail of a dozen different exploits. Unpatched machines are then sucked into the botnet, where they are transformed into spam zombies that attack other web users with floods of traffic, or they're infected with

rootkits planted by the bad guys."

Exploit Prevention Labs

Read more about:

2007

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events