The ecosystem of malware production and infection may not be of interest to everyone, but a new report from Symantec provides a great insight, if you are interested or need to know.
Attack Kits and Malicious Websites (report PDF) describes attack methods, kit types and the evolution of these crimeware kits. The features and method of traffic generation are discussed, together with an excellent section on the prevalence of attack kits, malicious web sites and attack kit popularity. The top three most attacked vulnerabilities all affected web browser plug-ins, and out of five unpatched vulnerabilities used, five of these affected browser plug-ins; and all of these could be used in drive-by malware installation where a user only has to visit a page without any other action required.
Note that the web sites hosting the malicious code are a combination of intentionally malicious web sites, and legitimate web sites which have been compromised for malicious purposes.
The report includes some advice for systems administrators and end users on protective measures, although it is light on advice for preventing your own web site becoming compromised.
If you are interested in cyber fraud or how to detect it, and want to read more extensively, I'd recommend Cyber Fraud: Tactics, Techniques and Procedures, Auerbach Publications, 2009 (ISBN 978-1-420-09127-1), and Detecting Malice, Robert Hansen, SecTheory, 2009 (ISBN 978-0-557-18733-1).
Posted on: 01 February 2011 at 08:40 hrs