Browser infection rate against an exploit pack

Discussion in 'other security issues & news' started by MrBrian, Mar 24, 2009.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://www.prevx.com/blog/107/Fiesta---Monitoring-ITW-exploit.html

    The overall infection rate for this exploit pack was 3137/26076, or about 12%. The data also gives breakdowns by browser used. Be careful about making comparisons though, because this will vary by the exploits used in a given exploit pack, and also because of correlations that affect security. For example, those who use IE6 may have different security habits and configurations than those who use IE7.
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks, MrBrian. From the list of exploits it looks like FF wasn't targeted; therefore, is this why it appears to have done so well? I admit I don't know what some of the exploits are. But then again, isn't the PDF exploit universal?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :)

    Yes, I believe the reason is that Firefox wasn't targeted by this particular exploit pack, and also wasn't vulnerable to the PDF exploit(s) included, for whatever reason.
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks! It's also kinda interesting to see how many folks still run older browser versions.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    At least in Poland and Russia...
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It was also interesting to see that those on XP SP1 had an infection rate well below XP SP2, and that Vista had a low infection rate.
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I missed that part.

    Yikes! Windows 2003 got hammered at 47.3%.
     
  8. Arup

    Arup Guest

  9. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Well, they were kind enough to provide percentage breakdowns by OS and browser version, and it appears that IE only looks bad when you're using old IE versions on old XP, with 90% of the infections attributed to IE6.
     
  10. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    It's also interesting to note how they define "infection". The best I could find was: " The victims browser will then iterate through a series of exploits, to see if they are vulnerable to any of them," which isn't very helpful.

    While it may be possible to get your exploit code running in the memory space of the browser process, to call just that an "infection" is questionable at best. Chrome and IE7 / IE8, for example, have additional safeguards (sandboxing, Protected Mode) that can block payloads even if the exploit code gets successfully installed and running.
     
  11. Arup

    Arup Guest


    I feel if one keeps using an old unpatched browser or OS, no matter what their origin, they deserve to get infected. Even running an older unpatched Linux kernel would get you into heaps of trouble. Same goes for running older FF or Opera versions. IE8 and Chrome have set a good precedent by incorporating protected mode, something other browsers should emulate and learn from.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    This page shows a different version of the exploit pack that has managed to achieve "loads" via Firefox. I wonder if the labels for SP1 and SP2 are transposed, because SP1 shows a much greater number of visits than SP2, which doesn't seem likely.
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    A page with different stats
     