Kaspersky Report: Most PCs Contain 12 Vulnerabilities

By Stefanie Hoffman, CRN
August 18, 2011    8:08 PM ET

Despite improvements in secure operating systems and security software, most users’ PCs contain on average around 12 different vulnerabilities, according to a Kaspersky Lab Q2 threat study.

During the second quarter of 2011, Kaspersky Lab researchers detected more than 27 million vulnerable applications and files based on data acquired from their customer base, with every PC containing an average of 12 different vulnerabilities.

These and other findings were disclosed in Kaspersky Lab’s IT Threat Evolution Q2 2011 report, which explored the rapidly evolving security threat landscape and salient malware trends over the last three months.

Adobe flaws comprised the vast majority of the 10 most common vulnerabilities, followed by Oracle-Sun-Java glitches. Seven of the top 10 vulnerabilities were found in Adobe Flash Player.

A buffer overflow vulnerability in Adobe Reader and Acrobat SING, given the highest severity ranking of "extremely critical," was by far the most common flaw, appearing in 40 percent of users’ computers. The flaw allowed hackers to gain access to a victim’s computer remotely and execute malicious code with full user privileges.

The Reader/Acrobat flaw was followed by a “highly critical” Sun Java JDK bug, plaguing 31 percent of users, which allowed attackers to gain access to a system to execute information-stealing malware, expose sensitive information, manipulate data or launch denial of service attacks.

An Adobe Flash flaw came in third place, affecting 24 percent of users. As with most critical flaws, it enabled miscreants to infiltrate an affected system and launch malicious attacks designed to take complete control over a user’s computer.

The report noted that for the first time, the top 10 vulnerability list featured products from just two companies: Adobe and Oracle, and excluded Microsoft offerings. “This is due to improvements in the automatic Windows updates mechanism and the growing proportion of users who have Windows 7 installed on their PCs,” Kaspersky Lab researchers said in their report.

Kaspersky Lab researchers noted that seven of the 10 found vulnerabilities were detected this year, while the remaining three were discovered in 2010. Meanwhile, no vulnerabilities from 2007 and 2008 were still listed in the Top 10. Researchers attributed the dwindling older vulnerabilities to the increasing displacement of Windows XP and Vista systems by Windows 7, which, among other things, offers improved automatic security updates.

Other report findings included:

Rise In FakeAV: Another finding in the report was the uptick in fake antivirus programs, especially those targeting the Mac OS X platform. The study found that fake antivirus programs grew by 300 percent. Researchers said to expect more sophisticated and dangerous Mac OS malware to appear in the near future.

Rapid Growth Of Malware For Mobile Platforms: In particular, cyber criminals are writing malicious programs for J2ME and Android, with malware doubling for J2ME and tripling for Android from Q1. Cyber criminals are writing malware that leverages premium-rate SMS numbers and subscriptions to paid services to pilfer money from users’ accounts.

Political Hacktivism Continues: Hacker groups such as Anonymous and LulzSec have fueled the trend of hacking into websites and databases with the aim of sending a political message. Meanwhile, the number of hacktivists is growing due to the fact that hackers can launch attacks anonymously without fear of legal consequences.
