Engineering attacks on the rise with fake codecs and storm botnet spam

Dark Reading Staff, Dark Reading

September 5, 2007


ATLANTA -- Exploit Prevention Labs, developer of the LinkScanner line of safe surfing software that protects against exploits, phishing, and other social engineering attacks, today released the results of its Exploit Prevalence Survey for July and August. Now in its second year, the Exploit Prevalence Survey is the industry's only survey to use real-world data to definitively measure the impact of the most widespread web-borne exploits. Results are derived from automated reports submitted by LinkScanner users combined with data collected from all levels of the company's multi-faceted research network.

According to Roger Thompson, co-founder and CTO of Exploit Prevention Labs and the manager of the monthly Exploit Prevalence Survey, one of the more interesting trends to emerge over the summer has been the increasing use of social engineering tactics to spread exploits.

The most notable example has been what Thompson calls the TROJAN FAKE CODEC, which held the number one position as most widespread exploit for both July and August. Web surfers are offered free videos of famous celebrities such as Britney Spears and Paris Hilton, but when they click a link to view the video, they're presented with a popup box that tells them they need to download a codec (software required to download and view streaming media) to view the video. What actually happens is that the user's PC is infected with a drive-by download of a rootkit that conceals running processes, files, or system data, helping the intruder to access the user's system without their knowledge.

The people behind the ongoing Storm botnet, a network of thousands of innocent personal computers commandeered to transmit spam, have also been leveraging social engineering tactics to dupe surfers into downloading malicious exploits.

"In July, we began to see a new surge of greeting card scams, in which users are invited to click on a hyperlink to view an e-card from someone who claimed to know them," said Thompson. "But when users clicked on the link, they were instead taken to a malicious web page that attempted to download the Q4 Rollup exploit, an encrypted cocktail of a dozen different exploits. Unpatched machines are then sucked into the botnet, where they are transformed into spam zombies that attack other web users with floods of traffic, or they're infected with rootkits planted by the bad guys."

Exploit Prevention Labs
