The Last Watchdog

on Internet security by Byron Acohido

‘Fuzzing’ triggers spike in targeted attacks

Posted on March 19, 2008

My story today on targeted attacks points out how this phenomenon is occurring on two levels. What I would describe as lower-level crime groups are focusing on patrons of companies and organizations with juicy databases, like Monster.com, the FTC and salesforce.com.

Meanwhile, elite crooks, with big R&D budgets, are using fuzzing tools to flush out zero-day holes in Office, QuickTime, Adobe Reader, etc., then going the extra mile to isolate key individuals to receive tainted files, carefully crafted to look relevant to the target. Secunia CTO Thomas Kristensen graciously provided these telling metrics showing the number of vulnerabilities discovered since 2006:

Security holes found since 01/01/2006

Windows XP: 115
Windows 2000: 90
IE: 90
QuickTime: 65
Java: 55
Microsoft Excel: 47
Windows Vista: 39
Microsoft Word: 33
Winamp: 25
Microsoft Outlook: 22
Adobe Flash: 21
Microsoft PowerPoint: 19
Adobe Reader: 15
Yahoo! Messenger: 13
RealPlayer: 12
iTunes: 9
Windows Media Player: 6
AOL: 2
MSN Live: 1
Source: Secunia

Rohit Dhamankar, senior manager at DVLabs, told me that “many security researchers have written tools and frameworks for fuzzing file formats and protocols. These tools have made the job of finding zero-days much easier.”

Johannes Ullrich, at the SANS Institute, says that “there is a never ending supply of Office, or more general client vulnerabilities if you include software like QuickTime, Internet Explorer and others.”

Johannes thinks we’ve been lucky so far, since relatively few public exploits are seen in the wild, at least exploits that have been detected.

“At this point, we have little insight into what .mil/.gov is seeing. But we do get very good information from non-governmental organizations that are in the cross hairs of the Chinese government,” says Ullrich. “Attacks are organized and start/stop very sudden. Usually these attacks coincide with important political events.”

Bodes ill for the November presidential race.
