Zero-day flaws target 'safe' programs

Bill Brenner, Senior News Writer

In the nearly six months since the release of its last Top 20 vulnerabilities list, the SANS Institute has observed a sharp spike in zero-day flaws, many of them in programs long considered to be safe alternatives to Windows.

However, Microsoft remains the target of industry scrutiny following several high-profile flaws, including the recent Windows Meta File (WMF) and Internet Explorer (IE) createTextRange glitches.

At the same time, an increasing array of zero-day vulnerabilities appeared in Mozilla's Firefox browser and Apple Computer Inc.'s Mac OS X operating system.

SANS researchers also saw a sizable increase in financially motivated zero-day attacks, as well as an ongoing problem with attacks exploiting Web application flaws.

"We've observed 80-90 flaws in Web applications a week," said Rohit Dhamankar, project manager for the SANS Top 20 effort and lead security architect for the TippingPoint division of Marlborough, Mass.-based 3Com Corp. "Immediately after the flaw is disclosed, public exploit code emerges that can compromise back-end data or the Web server quite easily."

The Bethesda, Md.-based institute noted eight trends in its spring update of the Top 20 vulnerabilities list:

  • Rapid growth in critical Mac OS X flaws, including a zero-day hole. SANS said the Mac remains safer than Windows, but its bullet-proof reputation "is in tatters."
  • A substantial decline in the number of critical flaws in Windows services, offset by flaws in client-side software, including the WMF vulnerability and flaws in IE.
  • The continued discovery of multiple zero-day flaws in IE.
  • Rapid growth in critical Firefox and Mozilla vulnerabilities. "Firefox continues to be seen as somewhat safer than IE, but it is no panacea," SANS said.
  • A surge in commodity (cheap) zero-day attacks used to infiltrate systems for profit. Dhamankar said, "More of these attacks are hitting large enterprises and ISPs."
  • Rapid growth in critical flaws allowing direct access to databases, data warehouses and backup data.
  • A continued surge in file-based attacks, especially those using media and image files, Microsoft Excel files, and more.
  • A rapid spread, especially among defense and nuclear energy sites, of successful spear-phishing attacks.

The institute described spear phishing as an activity in which the attacker sends an e-mail to as many as one hundred employees. That e-mail appears to be sent by a senior officer and orders the recipient to download a piece of software, implying it is required for security.

"The software is actually a Trojan horse that escapes from the victim's computer, roams through the [network] … gathers and infiltrates important data and leaves a back door through which the attackers can return," the institute said.