ID: IRCNE2011071190
Date: 2011-07-20
TechWorld - Spam volumes are down sharply on their level a year ago but cybercriminals continue to hit home with easy-to-exploit vulnerabilities for Adobe and Java, the latest half-year report from security company M86 Security has said.
The company’s Labs Report for January-June 2011 confirms what every other respected source has been saying about spam levels in the aftermath of last September’s closing of pharmacy spam host, Spammit.com; it has declined heavily and stayed at a lower level ever since.
One thing that doesn’t appear to be changing is the way that criminals continue to target software old flaws that have been around for years, most commonly in Adobe, Java and Microsoft applications.The commonest exploit seen was an ActiveX exploit for Internet explorer from 2006, followed by a stack of flaws in Adobe Reader dating from between 2007 and 2010. Adobe’s popularity appears to be connected to its ubiquity. As individual browser flaws are patched more rapidly, this is pushing criminals to find plug-ins that are vulnerable across all browsers and Adobe fits this bill perfectly.
As Qualys revealed recently, plug-ins are also patched less assiduously than browsers, perhaps because users underestimate their security importance. This is particularly true of Adobe applications.
- 2