September VML Attacks Come A Cropper
San Mateo, Calif. and London-based ScanSafe said its September statistics showed a dramatic drop-off in viruses and other malicious code for the month, even though there were numerous high-profile vulnerabilities disclosed by Microsoft.
"With all the recent attention on Microsoft vulnerabilities and zero-day exploits, we thought we'd see an increase," said Eldar Tuvey, ScanSafe's chief executive, in a statement. "Despite the hype, a mass outbreak did not occur in September. In fact, none of the top-10 Web viruses blocked by ScanSafe during the month were exploits of Microsoft vulnerabilities uncovered in September, including the much publicized VML vulnerability."
The VML (for Vector Markup Language) exploit first made news Sept. 19; Microsoft reacted to the threat by releasing an out-of-cycle patch for its Internet Explorer browser a week later.
"While these [VML] vulnerabilities were exploited, the exploits did not occur in high volume," added Tuvey.
Of the 158 pieces of malware blocked by ScanSafe's managed security service, 22, or 14 percent, were exploits against unpatched vulnerabilities. These "zero-day" exploits are considered the most dangerous.
But although malware was down, spyware and adware were up, said ScanSafe, to the tune of a 21 percent jump. "There is seasonality to Web viruses and spyware," Tuvey said. "We fully anticipate a jump in malware as consumers go online to start their holiday shopping."