Sun JVM and Adobe Acrobat Reader Vulnerabilities Top List with Infection Rates of 36 percent
Melbourne, 23 July 2010 – AVG (AU/NZ) today announced that AVG Technologies’ Web security research team has discovered a network of 1.2 million malware-infected computers controlled by cybercriminals who were using the Eleonore exploit toolkit – commercial attack software which enables cyber criminals to infect and monitor compromised PCs.
The two month long study by AVG researched 165 Eleonore toolkits in use by cyber criminals and concluded that those using the Eleonore exploit toolkit were experiencing a 10 percent success rate in infecting the more than 12 million users visiting their compromised web pages. All 165 domains experienced high volumes of traffic which the cyber criminals managed to compromise.
Although you may assume that the cyber criminals making and using these toolkits are software experts, the reality is that even malicious code writers leave vulnerabilities in their code. Taking advantage of one of the weaknesses in the Eleonore toolkit, AVG researchers were able to collect statistics that allowed them to gain a better understanding of the magnitude of such attacks and the average success rate in infecting PCs by these toolkits.
The research was built using AVG LinkScanner® product data, identifying URLs that the product blocked when it identified a threat.
“The accessibility and sophistication of easy-to-use cyber criminal toolkits proves that cyber gangs are raising the bar to monetise their criminal activities,” said Lloyd Borrett, Security Evangelist at AVG (AU/NZ). “That is why it’s more important than ever for families, corporations and other computer users to protect their computers from being targeted by this kind of increasingly popular cyber attack by using AVG anti-virus and web security tools like LinkScanner that AVG offers free.”
The first step to silently infecting a user’s machine with malware is to exploit a vulnerability in their browser or other applications running on their machine. Successfully exploiting a vulnerability enables the cyber criminal to load and install the actual malware that can steal data and enable the criminal to later auction the PC online as a DDoS bot or a spam sending machine.
Eleonore exploit toolkit utilises the following vulnerabilities to exploit PCs:
• Sun JVM vulnerabilities
• Adobe Acrobat Reader vulnerabilities
• Various IE6 vulnerabilities
• Various IE7 vulnerabilities
• Various FireFox vulnerabilities
AVG’s award winning Anti-Virus and Internet Security software, in addition to its innovative AVG LinkScanner product for both Windows and Mac computers, protects users against the ever increasing online web threats. AVG LinkScanner dynamically scans web pages for threats in real-time before users open them in their browser. AVG Anti-Virus Free Edition or AVG LinkScanner can be downloaded at http://www.avgfree.com.au.
About AVG Technologies
www.avg.com
AVG is a global security software maker protecting more than 110 million consumers and small businesses in 170 countries from the ever-growing incidence of web threats, viruses, spam, cyber-scams and hackers on the Internet. AVG has nearly two decades of experience in combating cyber crime and one of the most advanced laboratories for detecting, pre-empting and combating Web-borne threats from around the world. Its free, downloadable software allows novice users to have basic anti-virus protection and then easily upgrade to greater levels of safety and defense when they are ready. AVG has nearly 6,000 resellers, partners and distributors globally including Amazon.com, CNET, Cisco, Ingram Micro, Play.com, Wal-Mart, and Yahoo!.
AVG (AU/NZ) has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/.
About AVG (AU/NZ) Pty Ltd — www.avg.com.au
Based in Melbourne, AVG (AU/NZ) Pty Ltd distributes the AVG range of Anti-Virus and Internet Security products in Australia, New Zealand and the South Pacific. AVG software solutions provide complete real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers — documents, account details and passwords, music, photos and more — all while allowing users to work, bank, shop and play games online in safety.
AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers always-on, always up-to-date protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions.