Web-based threats – or online threats – are malware programs that can target you when you’re using the Internet. These browser-based threats include a range of malicious software programs that are designed to infect victims’ computers.
The main tool behind such browser-based infections is the exploit pack – which gives cybercriminals a route to infecting computers that either:
Applications and OSs that are targeted by online threats
Cybercriminals will use almost any vulnerability – within an operating system (OS) or an application – in order to conduct an exploit-based attack. However, most cybercriminals will develop web threats that deliberately target some of the most common OSs and applications, including:
Because Java is installed on over 3 billion devices – that are running under various operating systems – exploits can be created to target specific Java vulnerabilities on several different platforms / OSs.
Although Adobe Reader has been targeted by many attacks, Adobe has implemented tools to protect the program against exploit activity – so that it’s getting harder to create effective exploits for the application. However, Adobe Reader was still a common target over the past 18 months.
Windows and Internet Explorer
Active exploits still target vulnerabilities that were detected as far back as 2010 – including MS10-042 in Windows Help and Support Center, and MS04-028 which is associated with incorrect handling of JPEG files.
Cybercriminals use exploits to gain root privileges. Then, they can achieve almost complete control over the targeted device.
Millions of web attacks… every day
In 2012, the number of browser-based attacks was 1,595,587,670. On average, that means Kaspersky Lab products protected users against web threats more than 4.3 million times every day.
Kaspersky’s Internet security experts have identified the most active malicious software programs involved in web threats. The list includes the following types of online threats:
Kaspersky identifies these websites by using cloud-based heuristic detection methods. Most malicious URL detections are for websites that contain exploits.
Hackers inject malicious scripts into the code of legitimate websites that have had their security compromised. Such scripts are used to perform drive-by attacks – in which visitors to the website are unknowingly redirected to malicious online resources.
Scripts and executable PE files
Generally, these either:
Download and launch other malicious software programs
Carry a payload that steals data from online banking and social network accounts, or steals login and user account details for other services
Trojan-Downloaders These Trojan viruses deliver various malicious programs to users’ computers.
Exploits and exploit packs
Exploits target vulnerabilities and try to evade the attention of Internet security software.
Often, adware will simultaneously install when a user starts to download a freeware or shareware program.
TOP 20 malicious programs on the Internet
In Kaspersky’s list of 2012’s most active malicious software programs associated with online threats, the following Top 20 account for 96% of all web attacks:
*These statistics represent detected verdicts of the web-based antivirus module and were submitted by users of Kaspersky Lab products who consented to share their local data.
**The percentage of unique users with computers running Kaspersky Lab products that blocked online threats.
Other articles and links related to threats, malware, and security