Nov 20th, 2006, 11:57 am
Kaspersky Lab has released its latest Malware Evolution report, covering the period between June and September 2006 and, as usual, it makes for interesting reading.
Alexander Gostev, Senior Virus Analyst, Kaspersky Lab, comments that the first six months of 2006 was “notable for the complexity of the technologies which antivirus companies had to deal with, a large number of new proof of concept programs, and the ever increasing interest shown by hackers in Microsoft Office.”
While there was no great exploit epidemic during this latest quarter, nor any new proof of concept viruses for that matter, or even much activity on the virus front at all, that is not to say it has been a dull three months from the perspective of the security professional. Of most interest to me has been the continuing unwanted attention paid to the MS Office suite of applications, or perhaps to be more precise, the fact that nothing has really changed from the first six months of the year in this regard.
To put this into some perspective you have to look back to the last report from Kaspersky Lab which highlighted the problem of OLE documents, as created by Office applications, which took centre stage during a whole host of vulnerabilities (in excess of 100) that were discovered and publicized before Microsoft was able to produce even a temporary patching solution. At the time Kaspersky Lab were vocal enough in pointing out that in order to properly secure its Office suite, Microsoft could not rely on the ‘Band-Aid over a gaping wound’ stopgap of issuing patches for each vulnerability, but rather would need to address the technology that powers and processes OLE objects. Needless to say, nothing has happened in this regard and Microsoft continues with its now obviously ineffective ‘Patch Tuesday’ strategy. No great surprise, then, that Kaspersky Lab reports malicious users continuing to challenge Microsoft with new Trojans, the most active threats coming from the direction of Chinese hackers apparently.
Just look at the vulnerability head count for those three months if you need evidence of the failure of Microsoft to properly address the flaws in its strategy:
July
- Microsoft Security Bulletin MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
- Microsoft Security Bulletin MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
- Microsoft Security Bulletin MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
August
- Microsoft Security Bulletin MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
- Microsoft Security Bulletin MS06-048: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
September
- Microsoft Security Bulletin MS06-054: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
And if you want to add to the list those vulnerabilities that were fixed by patches in October but originally detected in September, and why not, here they are:
October
- Microsoft Security Bulletin MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
- Microsoft Security Bulletin MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
- Microsoft Security Bulletin MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
- Microsoft Security Bulletin MS06-062: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
“At Kaspersky Lab,” the report notes, “we even started betting on how long it would take for a new vulnerability to be detected in Office after the previous patch had been released. And the question wasn't whether a new vulnerability would be detected, but when: in each case, it was clearly only a matter of time, and not much time at that.” To make matters worse, for pretty much all of the reported vulnerabilities there were literally dozens of Trojans detected, so we are not talking about isolated attacks here but large-scale, determined exploitation of known holes. And it is just that which Kaspersky suggests as a theory to explain away the sheer scale of the attacks: the possibility that Microsoft is being deliberately targeted in an attempt to discredit the Seattle giant as an information security specialist.
To be honest, there are many who would claim that it doesn’t require a concerted effort by Chinese hackers to do that...
- Davey Winder, staff writer aka happygeek