File Exploits Avoidable?

Author: CentrumXP.pl    Published: 15 April 2009
Microsoft has published its biannual security report. The software giant said that many of the problems with infected files stem from users' failure to apply available patches.

The report, covering the second half of 2008 (2H08), marks the first time that the Microsoft study has tracked infected files, leading researchers to conclude that users could avoid much of the infection problem simply by becoming more diligent about updating and patching their software. For instance, the report examined the seven most-attacked Office vulnerabilities and the top two Adobe Reader vulnerabilities -- all of which have long had available patches.

The report does not say that Microsoft Office is unsafe. In fact, if you have the latest version and the latest patch, you're likely fine.

Business users at risk

As the Conficker worm recently demonstrated, it's not only home users who are failing to patch and update software -- some corporate IT environments have unpatched computers, too.

It's unclear why more users and IT shops aren't keeping their systems up to date. The obvious conclusion might be that those falling victim to the attacks are users of pirated software. However, Forstrom noted that Microsoft provides security updates -- but not other updates -- for pirated software.

Compounding the problem

Users' failure to patch also compounds the threat posed by growing numbers of increasingly savvy malware authors, who seek to compromise systems by infecting trusted documents.

One example is the rapid increase in attacks aiming to exploit the Adobe Portable Document File (PDF) format. Although the report's authors declined to provide exact numbers, they wrote, "Use of the PDF format as an attack vector rose sharply in 2H08, with attacks in July amounting to more than twice as many as in all of 1H08 combined and continuing to double or almost double for most of the remaining months of the year."

To help combat the surging tide of malware, e-mail and instant messaging programs are often configured to block file formats that have been used as vectors for malware in the past, such as files with .exe, .com and .scr extensions.

But the report noted that this hasn't done much to stem the tide.

Worse, a victim won't know they're infected because the malware often allows the victim to view an uninfected version of the document. The only indication of infection that the victim would see is the program window blinking a few times -- as first the infected document is loaded, followed by an uninfected version.