Stream Object file installation weakness. This exploit accounted for 18% of the total number of web based exploits for the year. This vulnerability allows hackers to install malicious files on a vulnerable computer when a user visits a website hosting an exploit. In order for this attack to be successful, an attacker must exploit an arbitrary vulnerability that bypasses Internet Explorer Security settings. Then the attacker can execute the malicious files that were installed by the initial security weakness. This vulnerability has been known since 2003, and patches have been released since 2004.
This exploit exposes the fact that many imputer systems were not being kept up to date. (Symantec Corporation, 2009) The number three most common web based exploit of 2009 was the Microsoft Internet Explorer 7 initialized memory code execution vulnerability. This attack works by enticing a victim to open a malicious web page. Once a user opens the web page it gives the attacker the ability to execute remote code on the victims computer. Since this is a browser based attack, it gives the hacker potentially more targets than relying on a plugging that may not get installed. Symantec Corporation, 2009) The top 3 Mallard attacks of 2013 were WWW. Download, WWW. Salinity, and WWW. Rampant. Although their names all begin with WWW. , each bug has it’s own way of exploiting a system. Let’s take for instance the WWW. Download. This worm has been around since 2008. This worm spreads by taking advantage of a remote code execution vulnerability found in Microsoft Windows server service RFC. This worm strives to block access to security related web sites while attempting to spread to protected network shares via brute force of weak passwords. The Security of the entire network is at stake with this worm.
This virus demonstrates wows how important it is to keep servers and workstations updated with the latest virus definitions. (WWW. Download. B, n. D. ) The WWW. Rampant has been around since 2010. This worm is spread by infecting executable drives and removable drives. This mallard steals bank surnames and passwords. Having a security policy prohibiting personal drives from being used in the workplace is paramount. This type of attack could cause data loss if unmitigated. (Symantec Corporation, 2013) The WWW. Salinity is in my opinion the nastiest of all three bugs. What makes the WWW.
