This was illustrated quite clearly back in June of 2012, when Symantec's security response operation spotted a malformed Web page flaw - CVE-2012-1875 - being exploited in the wild. At the time, researchers noted that Microsoft - in its recent security bulletin summary for June - released security bulletin MS12-037, which is a critical security update covering Internet Explorer version 6 through 9.

A month earlier, in May of 2012, Amnesty international suffered a similar attack on its UK Web site, with hackers using a two-pronged vector based on Bloodhound.Exploit.466 and the IPS Signature Web Attack. The executable seen in the Amnesty International attack was Trojan.Naid, a remote access trojan first seen back in January 2010 which listens for – and accepts – a connection from the attacker to allow remote access to the infected machine.

These types of threats continue to be cause major issues, and do not just compromise computers, but can potentially affect all manner of hardware, including wireless routers, printers, cameras and most database applications.

Exploit kits

Next up, we have the recently evolved threat of exploit kits, of which the BlackHole kit is arguably the most well known. Despite its near-legendary status amongst hackers, this kit was first released by a Russian Hacker back in 2011, since when it has gone on to become the number one Web threat.

In June 2012, for example, several security experts spotted that the zero-day flaw (CVE-2012-1889) could be exploited using Internet Explorer. The solution to these kits is to subscribe to one of the main information feeds on kit exploits on the Internet, and use cloud information collation from your vendor to stay at least a few steps ahead of the threat pack if at all possible.


Within a week of the zero-day flaw being discovered, a Metasploit module was released by cybercriminals, allowing them to tap the exploit. Later in June, our colleagues at Sophos spotted a similar set of exploit code had been added to the BlackHole exploit kit landing page.

The Mal/ExpJS code in that case was notable for attempting to evade detection by being obfuscated (hidden) using a complex methodology that relied on a Web drive-by download attack vector as a means of infection.

Zero-day Web browser threats

This leads us nicely into discussing the fifth of our top five vulnerabilities, that of zero-day Web browser threats. Internet Explorer has come a long way since version 1.0 saw the first light of day in the mid-1990s, but the Web browser client’s evolution over the last 12 months has been rapid, adding a swathe of new features to the previously laggardly Web browser client.

In September 2012, several researchers warned of a new zero-day exploit for Internet Explorer, which – owing to its severity led to some firms advising users to switch to using another Web browser until the security flaw was remediated by Microsoft. Some reports suggested that the flaw affected as many as 32 per cent of Web users worldwide, owing to the penetration rate of Internet Explorer 7 – 9 running under the Windows XP, Vista and 7 operating systems.