Read this Trend and Risk report from IBM® ISS X-Force® to learn statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and more!
IBM Global Technology ServicesJanuary 2009
IBM Internet Security Systems ®X-Force 2008 Trend & Risk Report®X-Force 2008 Trend & Risk Report
Table of Contents
Overview 1 2008 Highlights 2 Vulnerabilities 2 Web-Related Security Threats 3 Spam and Phishing 4 Malware 4Exploitation Economics: What Didn't Happen in 2008 and Why 5 Business Analysis of Computer Security Threats 5 Criminal Economics 101 7 Criminal Opportunities 7 Criminal Costs 7 Examples 8 Microsoft Snapshot Viewer ActiveX Control Remote Code Execution 8 SNMPv3 HMAC Security Bypass 10 Microsoft IIS HTML Encoded ASP Remote Code Execution 12 Microsoft Windows Server Service Remote Code Execution 13 DNS Cache Poisoning 14 Conclusion 17Vulnerabilities 18 2008 Vulnerability Disclosure Count 18 Vulnerability Disclosure Timing 19 Vulnerability Disclosures by Severity 20 CVSS Base Scores 21 CVSS Temporal Scores 23 Vendors with the Most Vulnerability Disclosures 24 New Vendors in the Top Vendor List 25 Availability of Vulnerability Fixes and Patches 27 Remotely Exploitable Vulnerabilities 28 Consequences of Exploitation 29Web Application Vulnerabilities 31 Web Application Vulnerabilities by Attack Categories 32 Active Exploitation & Automated SQL Injection Attacks in 2008 36 No Patch for You 37 Good Websites Using Bad ActiveX Controls 38Most Vulnerable Operating Systems 40®X-Force 2008 Trend & Risk Report
Browser and Other Client - Side Vulnerabilities and Exploits 41 Client-Side Vulnerabilities - Browsers Are Getting Better 41 Critical and High Vulnerability Disclosures in Prevalent Applications 42 Browser and Plug-in Vulnerabilities - ActiveX Disclosures Declining 44 Availability of 0-Day Exploit Code 46 Exploitation Targets: From the OS to the Browser and Beyond 47 Web Browser Exploitation Trends 47 Most Popular Exploits 48 Most Popular Exploit Toolkits (2H 2008) 49 Obfuscation 50 PDF Exploitation and Obfuscation 50 Overall Client-Side Attack Activity 51 Exploits from Malicious Websites 51 Countries Hosting the Most Malicious Websites 53Spam 54 Spam Volume 55 More Trends Towards Simpler Spam 56 URL Spam 56 The Rise and Fall of Plain-Text Spam 57 Common Domains in URL Spam 58 Common Top Level Domains in URL Spam 60 Why .com? / Why .cn? 63 Lifespan of Spam URLs 64 Spam - Country of Origin 65 Spam - Country of Origin Trends 66 Spam URLs - Country of Origin 67 Spam URLs - Country of Origin Trends 68 Spam - Average Byte Size 70 Spam - Most Popular Subject Lines 70 The McColo Takedown and It's Impact On Spam 72 Changes in International Distribution of Spam 72 Changes in Spam Content 74®X-Force 2008 Trend & Risk Report
Phishing 77 Phishing Volume 77 Phishing - Country of Origin 78 Phishing - Country of Origin Trends 79 Phishing URLs - Country of Origin 81 Phishing URLs - Country of Origin Trends 82 Phishing - Most Popular Subject Lines 84 Phishing Targets 85 Phishing - Targets by Industry 85 Phishing - Financial Targets by Geography 86Web Content Trends 87 Analysis Methodology 88 Percentage of Unwanted Internet Content 88 Geographical Distribution of Adult Content 89 Geographical Distribution of Socially Deviant Content 89 Geographical Distribution of Criminal Content 90 Increase of Anonymous Proxies 90Malware Trends 92 Malware Category Trends 92 Trojan Functionality Breakdown 93 Analysis and Findings 95 Prevalent Malware Families 96 Analysis and Findings 97Notable Malware Events in 2008 98 MBR Rootkits 98 Scareware Programs & Fake Antivirus 99 Botnets and SQL Injection Attacks 100 Autorun Worms 100 Malware Targeting Online Game Users 101®X-Force 2008 Trend & Risk ReportPage 1
Overview ®The IBM Internet Security Systems X-Force research and development team discovers, analyzes, monitors and records a wide array of computer security threats and vulnerabilities. According to X-Force observations, many new and surprising trends surfaced throughout 2008. We hope that the information presented in this report about these trends will provide a foundation for planning your information security efforts in 2009 and beyond.
The security industry puts a lot of effort into the technical evaluation of security threats, examining, sometimes at great length, the pote... [download for more]
