Kasperky reveals top five most vulnerable PC apps
Java tops list, accounting for more than half of all exploits used
Security specialist Kaspersky Lab this week warned of the most vulnerable PC programs to online exploits.
Most Internet attacks are currently performed using exploits. They depend on vulnerabilities in popular applications to penetrate computers, and target operating systems, browsers, office packages and music players to deliver their payload.
Kaspersky Lab has uncovered the five main types of vulnerable applications targeted by exploits. According to a Q3 2012 report on malware activity, Java vulnerabilities are used in more than half of all attacks. Updates for the software are installed on demand rather than automatically, increasing the lifetime of vulnerabilities. Java exploits are easy to use under any version of Windows and, with some additional work by cybercriminals, as in the case of Flashfake, cross-platform exploits can also be created. This explains why cybercriminals are especially interested in Java vulnerabilities.
Attacks via Adobe Reader rank second, accounting for a quarter of all blocked attacks. The popularity of exploits for Adobe Reader is gradually declining due to a relatively simple mechanism that ensures their detection, as well as automated updates introduced in the latest versions of the software.
Exploits targeting vulnerabilities in the Windows Help and Support Center, as well as various Internet Explorer (IE) flaws, accounted for 3% of all attacks.
For several years now cybercriminals have been constantly on the lookout for errors in Flash Player. According to Kaspersky Security Network, in Q3 of 2012 the top 10 vulnerabilities included two entries for Adobe Flash. Our top 5 is rounded off by exploits targeting devices running under Android OS. They are mainly aimed at ‘jailbreaking' devices to provide any software - genuine or malicious - with full access to the memory and features of a telephone or tablet.
"Today, the Internet is a very aggressive environment. Virtually any site may turn out to be infected and visitors with vulnerable applications on their computers can easily fall victim to cybercriminals," commented Sergey Novikov, head of Global Research and Analysis, EEMEA, Kaspersky Lab.
"Cybercriminals primarily target electronic accounts or confidential user data, expecting to be able to turn this information into cash. They use all available methods to deliver malware to the user's computer, and exploits just happen to be one of the most popular methods."