PCWorld.com - Popular Programs Suffer Wave of Internet AttacksPopular Programs Suffer Wave of Internet Attacks
A new report on the top Internet vulnerabilities of 2005 finds a trend toward attacking common user applications.
Erik Larkin, PC World
Tuesday, November 22, 2005
Internet criminals are increasingly targeting popular applications like backup software and Web browsers instead of the operating systems that run them, according to a new report from government and industry security experts.
Attackers are targeting backup and recovery programs, as well as "the antivirus and other security tools that most organizations think are keeping them safe," according to the SANS Top 20 report for 2005, released today. The shift toward finding and exploiting vulnerabilities in programs represents a major change from past years, when Windows and other operating systems and Internet services like Web and e-mail servers were the preferred targets.
"A new wave of attacks concentrated on application programs" in 2005, the report states.
Popular Software at Risk
In addition to holes in security and backup programs, critical vulnerabilities in instant messaging programs, Web browsers, file sharing applications, and media players are all listed among the Top 20.
And those vulnerabilities are drawing all the wrong sorts of attention. According to SANS, unwanted network traffic targeting Symantec Veritas BackupExec rocketed to 500,000 instances within days of an announced security hole in the product, up from a previous maximum of about 50,000 instances.
Symantec wasn't alone. Microsoft Office, Internet Explorer, Firefox, and AOL Instant Messenger also suffered from serious reported vulnerabilities, as did RealPlayer and iTunes. Also, according to a previous report from the Yankee Group, the number of flaws reported in antivirus and other security programs is increasing at a far faster rate than for Windows.
Opportunities for Criminals
Applications represent an increasingly attractive target because operating systems and Internet services have become more resilient after years of steady attacks. Many programs, on the other hand, lack any means for automatic program updates. The delay between an announced vulnerability and the time that an administrator or home user manually updates the software represents a window of opportunity for Internet criminals.
New awareness of critical security holes in the network devices that guide Internet traffic represents the second important shift in the Top 20, according to the report.
"Compromises of network devices can provide attackers one of the most fruitful platforms for eavesdropping and launching targeted attacks," it states.
Government organizations within the United States, the United Kingdom, and Canada all contributed to the report, as did Internet security companies TippingPoint and Qualys. The SANS Institute has been producing the Top 20 report since 2000.
PC World earlier this year explored the new waves of criminal activity in a five-part series called Web of Crime.