Exploits

The summer season has always been a mixture of holidays and launching new initiatives against cyberthreats if you look back at the past months.

This month’s top 10 again shows the prevalence of attacks against PC users using Java. 50% of the Top 10 attacks tried to intrude the computers exploiting vulnerabilities that have already been fixed with an update, provided by Oracle since March 2010.

We have reported numerous times about the dangers that lure around as soon as any kind of special holiday is around or a hot topic floods the news. And, as expected: Recently, there has been various malware connected to Osama Bin Laden. Let's have a look at two examples:

The last few days washed a massive number of fake Amazon.com and Buy.com e-mails into our systems. The spam mails are a deceptively real-looking reconstruction, that contain URLs to malicious websites.

Two researchers released information on a vulnerability in Sun's Java Runtime Environment that could give attackers a new point of attack to perform drive-by-downloads and compromise targeted clients on all current versions of Windows operating systems and several popular browsers.

The Israeli hacker Moshe Ben Abu published exploit code that takes advantage of a vulnerability in Internet Explorer 6/7 not 24 hours after Microsoft gave out Security Advisory 981374. Attackers are expected to adopt the exploit and use it in massive attacks targeting a broader audience.

We came across an interesting and widespread campaign, which infects computers by drive-by-download. The technique seems to be simple but sneaky: The attackers intrude into a web server and infect the content of the locally stored 404 error page. In the detected examples, the web pages had no…