Zero-day Web attacks intensify
Posted on | December 18, 2008 | add a comment
Zero-day attacks that take advantage of freshly-discovered security holes in web browsers and web applications intensified in November. ScanSafe reports that 26% of the web exploits it blocked on behalf of its customers last month were of the zero-day variety. That means no patches were available for the flaw being exploited. The rate of such attacks increased from 16% in October. The average for the year: 19%.
“Throughout November, attackers were more intent than ever on ensuring the malware they used would bypass traditional security measures,” says Mary Landesman, senior security researcher at ScanSafe.
ScanSafe also noted that backdoors and data theft Trojans caught by its SaaS Web Security scanning and filtering tool increased from 13% of all Web malware blocks in October, to 30% of all blocks in November.
“The recent increase in backdoors and data theft Trojans is very concerning given the seriousness of this category of malware,” said Landesman. “Heightened exposure indicates attackers are going to new extremes to get their malware in front of users, perhaps as a result of the declining economic climate.”
–Byron Acohido