Adobe’s Flash player and Acrobat software were the top targets for hackers attempting to install malware on Europe’s PCs during 2008, according to security researchers at Symantec.
A vulnerability in Adobe’s Flash player that was published – and patched – just 12 months ago is already the most popular target for Web-based attacks on European PCs, according to Symantec’s annual EMEA Internet Security Threat Report.
The second most frequent Web-based attack during 2008 was also aimed at an Adobe application, with malicious PDF documents exploiting vulnerabilities in Acrobat and Acrobat plug-ins.
The most common type of malware installed by an attack was a Trojan, accounting for two-thirds of the total. Symantec said that increasingly these attacks are done in stages, with the initial infection lowering the victim’s capabilities and allowing more capable malware to be installed without detection.
Once it is on a computer, malicious code tries to propagate itself, and by far the most common route was shared executable files – in particular, files shared via removable media such as USB sticks and media players. The Symantec researchers said that 65 per cent of potential infections travelled this way during 2008, almost double the proportion that used this propagation method during 2007.
This reflects the growing usage of USB-connected storage media, said Symantec, and recommended that enterprises should disable Windows’ Autorun feature, virus-scan removable drives and use policies to block unauthorised USB devices from corporate PCs.
The researchers said that, as well as keeping systems up-to-date with software patches and antivirus definitions, enterprises “should monitor all network-connected computers for signs of malicious activity including bot activity and potential security breaches, ensuring that any infected computers are removed from the network and disinfected as soon as possible.”
They added, “Symantec recommends that organisations perform both ingress and egress filtering on all network traffic to ensure that malicious activity and unauthorised communications are not taking place.
“Organisations should also filter out potentially malicious email attachments to reduce exposure to enterprises and end users. In addition, egress filtering is one of the best ways to mitigate a DoS (denial of service) attack.”