Research

Web Security Report Reveals Major Vulnerabilities

• By Scott Aronowitz
• 02/23/10

Botnets are an increasingly efficient way to deliver malware; cyber criminal attacks via social networks like Twitter are an omnipresent threat; spam is increasing in both volume and severity. These are just a few of the conclusions that appear in the latest report from Web security products provider M86 Security.

The M86 Security Labs Report released to the public this month was based on extensive research that the company's Web security team conducted throughout the second half of 2009. Among the results detailed in the report:

There has been a surge in attacks via social networking sites such as Twitter, motivated by the increased use of shortened URLs (Internet addresses) on these sites. These URLs make it easier for online criminals to obscure malicious links, and such criminals also exploit the trust that builds between users of such sites as they develop social relationships.

The most efficient, and as a result the most common, method of distributing spam is through networks of secretly infected computers known as Botnets. The report indicates more than three-fourths of all spam in the six-month period examined originated from five Botnets.

Commonly used products such as Internet Explorer and Adobe's downloadable PDF readers can contain security vulnerabilities that leave them open to "zero-day" attacks. These are attacks launched by hackers on the same day the general public becomes aware of the security issues in question. Even casual hackers, as opposed to programming language experts, are finding ways to exploit these vulnerabilities with increasing speed, and in some cases such criminals even discover the vulnerabilities ahead of company security specialists.

"It is important to identify the major contributors to the volume of spam so that the industry can take action against them," said Bradley Anstis, vice president, technical strategy for M86 Security. He added that the Security Labs report details spam origins by specific Botnets, and offers other recommendations to combat spam and cybercrime.

A full copy of the report can be downloaded free of charge here.