Flash exploits increase 40-fold in 2011

Zero day exploits remain rare

Exploits targeting bugs in Adobe’s Flash Player increased by more than 40 times in the three months after April, according to Microsoft.

During the 9 months prior to April 2011, Microsoft detected well below 50,000 Flash Player attacks; after that, they jumped to just under 300,000 detections, Microsoft reports in its latest Security Intelligence Report (SIR).

The explosion came off the back of two zero day vulnerabilities and occurred in the weeks after Adobe patched them.

The first wave of attacks came on April 21, about a week after Adobe had patched a zero day exploit that relied on a rigged Shockwave (.swf) file embedded in a Microsoft Office document titled "Disentangling Industrial Policy and Competition Policy.doc", which purported to contain information regarding the Fukushima Daiichi nuclear disaster in Japan.

Most of those attacks were directed at computers in Korea. Then in June, shortly after Adobe patched another zero day Flash flaw, a second series of attacks occurred through June and July, again directed mostly at Korea.

While zero day exploits have been the focus of attention due to their use in several recent high profile attacks, SIR figures show they accounted for 0.12 per cent of all exploit activity in the first half of 2011, jumping to 0.37 per cent in June.

Jeff Jones, a director of Microsoft’s Trustworthy Computing Group, told CSO Australia’s US sister site, Computerworld, that the threat of zero day attacks needs to be put into context.

“For the person who has security as a day-to-day job, they need to worry about the things that are most prevalent and most severe.”

Compared to zero days and Flash exploits in general, the real threats were old favourites, Windows and Java exploits.

JavaScript exploits retained their dominance throughout 2011; however, Windows exploits, which had been on the decline, shot up from fewer than 300,000 detections prior to April to over 5 million by around June.

A “malformed” shortcut targeting a Windows flaw, originally used by the Stuxnet malware and detected in 2010, was almost solely responsible for the sudden jump as it became employed by other malware families, Microsoft noted.

Australia’s standing in the world in terms of Windows infections was good compared with developing nations, which often had infection rates higher than 15 per cent, but average in the developed world.

The world infection rate of 9.8 per cent in the second quarter of 2011 was down from 11 per cent the previous quarter, while Australia’s Windows infection rate fell from 5.3 per cent to 4.6 per cent. This was on par with Canada, US, UK, Ireland, the Netherlands, and New Zealand, but above the rates for Germany, Norway, Sweden, Switzerland


Stories by Liam Tung
