Internet rife with attack codes

Internet rife with attack codes
Internet rife with attack codes

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Matthew Broersma
16 August 2007

Even seemingly safe web addresses are rife with attack code aiming at 
vulnerable clients, according to a new study [1] from the Honeynet 
Project. The study also found that methods such as blacklists can be 
surprisingly successful in stopping client-side attacks.

Attackers are increasingly turning to end-user systems as a way around 
the antivirus and firewall systems that are increasingly blocking access 
to traditional attack routes, according to the researchers, who hail 
from the US, Germany and New Zealand.

"The 'black hats' are turning to easier, unprotected attack paths to 
place their malware onto the end-user=E2=80=99s machine," they said in the 
study, called "Know Your Enemy: Malicious Web Servers."

The researchers, using a "high-interaction" client honeypot called 
Capture-HPC developed by the Victoria University of Wellington, analysed 
more than 300,000 addresses from around 150,000 hosts.

The study looked at various site categories, including adult, music, 
news, "warez," defaced, spam and addresses designed to grab traffic from 
users who mistype common web addresses. While some categories were more 
likely to contain malicious addresses than others, all contained 
malicious addresses, the report said.

"As in real life, some 'neighborhoods' are more risky than others, but 
even users that stay clear of these areas can be victimised," the report 
said. "Any user accessing the web is at risk."

Users can be led to malicious sites via links, typing in an address 
manually, mistyping an address or following search-engine results, the 
study said.


These results only confirm what security researchers have been saying 
for some time now. But the study also analysed the effectiveness of 
safeguards against such infections in some detail.

The research showed that blacklists, if regularly updated, can be a 
surprisingly effective way of blocking malicious addresses.

The researchers also recommended regular patching, but this may not 
always be straightforward, since the study found a prevalence of attacks 
against plug-ins and non-browser applications. "Attacks also target 
applications that one might have not think about patching, such as 
Winzip," the study said.

Another technique that can block attacks would be to use a less popular 
browser, such as Opera, the study found. "Despite the existence of 
vulnerabilities, this browser didn=E2=80=99t seem to be a target," the study 

The data used as the basis for the study has been made available on the 
Honeynet Project's website [2]. 


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 

Site design & layout copyright © 1986-2015 CodeGods