Viruses and spyware to compromise popular desktop and security-related software

An analysis of recently discovered security vulnerabilities, common hacker attacks, and virus and spyware infections that took place last year revealed an entirely new trend: more and more parasites are being designed to exploit not flaws in the operating system, but bugs in popular desktop and security-related software, including antiviruses, backup utilities, database products, media players and other widely used programs installed on almost every system. Since Microsoft began to take Windows protection more seriously and improved its program of regular online updates, spyware makers and virus authors have started to aim their pests at popular third-party applications, because today it is much more difficult to create a threat that spreads rapidly by penetrating up-to-date systems. This year everyone had a chance to notice this: thousands of users were affected by parasites exploiting vulnerabilities in popular web browsers, instant messengers, Java and media add-ons. Now it is the turn of media players, antiviruses, firewalls and backup tools.

According to the SANS list The Twenty Most Critical Internet Security Vulnerabilities, updated today, users should change their attitude towards system and privacy protection and pay more attention to flaws discovered in popular desktop software and to ways of fixing them quickly. Indeed, millions of people still use severely outdated programs and think that regular antiviruses and anti-spyware tools can protect them from anything. That view is wrong. Some recent parasites that propagate through flaws in installed software first attempt to disable or bypass security-related programs by exploiting their vulnerabilities, and only then run a devastating payload. The affected user cannot notice anything unusual, because the antivirus or firewall simply does not alert him or her.

Another important security aspect that some users, and especially companies, miss is the protection of backup and database software. Backups and databases often contain priceless information that malicious persons strive to steal, and this is quite a simple task for them if the software managing those databases and backups has unpatched security vulnerabilities.

Here are a few fragments of The Twenty Most Critical Internet Security Vulnerabilities explaining how insecure outdated desktop software can be:

Multiple buffer overflow vulnerabilities have been discovered in the anti-virus software provided by various vendors including Symantec, F-Secure, Trend Micro, McAfee, Computer Associates, ClamAV and Sophos. These vulnerabilities can be used to take complete control of the user’s system with limited or no user interaction.

Anti-virus software has also been found to be vulnerable to “evasion” attacks. By specially crafting a malicious file, for instance, an HTML file with an exe header, it may be possible to bypass anti-virus scanning.

A number of vulnerabilities have been discovered in various media players during the last year. Many of these vulnerabilities allow a malicious webpage or a media file to completely compromise a user’s system without requiring much user interaction. The user’s system can be compromised simply upon visiting a malicious webpage. Hence, these vulnerabilities can be exploited to install malicious software like spyware, Trojans, adware or keyloggers on users’ systems. Exploit code is publicly available in many instances.

During the last year, a number of critical backup software vulnerabilities have been discovered. These vulnerabilities can be exploited to completely compromise systems running backup servers and/or backup clients. An attacker can leverage these flaws for an enterprise-wide compromise and obtain access to the sensitive backed-up data. Exploits have been publicly posted and several malicious bots are using the published exploit code.
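The evasion fragment above mentions an HTML file with an exe header. As an added example (not taken from the SANS list or from this article), the Python check below identifies every content type a file matches instead of trusting the first signature or the file extension, and reports the combinations a filter should send to full scanning. The function names, finding labels, marker list and sample bytes are constructed for illustration.

```python
import os
import re

# Extensions a filter might hand only to a markup scanner (assumption for this example).
MARKUP_EXTS = {".html", ".htm"}
# A few tags that indicate HTML content anywhere in the file (illustrative, not exhaustive).
HTML_MARKERS = re.compile(rb"<\s*(?:!doctype\s+html|html|script|body|iframe)\b", re.I)


def detect_types(data):
    """Return every content type the bytes match, not only the first one."""
    types = set()
    if data[:2] == b"MZ":              # DOS/PE executable header
        types.add("exe")
    if HTML_MARKERS.search(data):      # markup found at any offset
        types.add("html")
    return types


def findings(name, data):
    """Flag files whose content is ambiguous or contradicts the file name."""
    types = detect_types(data)
    ext = os.path.splitext(name)[1].lower()
    out = []
    if {"exe", "html"} <= types:
        out.append("mixed-content")              # scan as both types
    if "exe" in types and ext in MARKUP_EXTS:
        out.append("header-extension-mismatch")  # name says markup, header says exe
    return out


# Constructed samples: a plain page, a page behind an exe header, an ordinary exe stub.
PLAIN = b"<html><body>ok</body></html>"
CRAFTED = b"MZ" + b"\x00" * 62 + b"<html><script>x</script></html>"
EXE_STUB = b"MZ" + b"\x00" * 62 + b"binary"

if __name__ == "__main__":
    for fname, blob in [("page.html", PLAIN), ("page.html", CRAFTED),
                        ("setup.exe", EXE_STUB)]:
        print(fname, sorted(detect_types(blob)), findings(fname, blob))
```

A file that produces any finding should be passed to every scanner whose type it matched rather than to the single scanner selected by its header or extension.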

There is only one truly effective way to avoid such attacks and infections: users should regularly update every application installed on the system. Yes, this may be quite a difficult and long procedure. But it is much better to spend a few extra hours per week than to end up with a compromised computer and stolen confidential information.
