
Researchers from the AV-Test Institute released a study that confirms what we have long suspected: the majority of Windows systems infected with malware (66%) were compromised by way of Adobe Reader, Adobe Flash, and Java exploits.

Java exploits accounted for the majority of attacks, with an astounding 82,000 attacks available against multiple versions of the software, which is estimated to be installed on more than 3 billion devices. Adobe Reader had as many as 37,000 recorded variants of exploits in the wild.

“Such weaknesses enable Trojans and other forms of malware to invade PC systems, in some cases in an unstoppable manner,” the researchers said. “Users who rarely update their software and use insufficient security software have virtually no chance when faced with specially prepared malware.”

Graphic from the AV-Test Institute

The study was conducted over a ten-year period and revealed that attackers prey on victims with a “high level of precision” by first detecting the software versions running on a targeted system and then applying the appropriate exploit.

“If they recognise a known susceptible version of such software, they load the corresponding exploit version and send it to attack the user’s system via drive-by download. Users who have not installed a good, secure protection software won’t even notice the exploit as it makes its way onto their system,” the researchers stated.

The availability of Java and Flash for Macs means that Apple users, who were largely immune from malware attacks, are just as susceptible.

“Evidence of this new risk was already provided back in 2012 in the form of the Flashback Trojan for Mac OS X, which exploited a security vulnerability in Java in order to link systems to the Mac OS X Flashback (or Flashfake) botnet. This botnet was subsequently able to quickly recruit over 600,000 computers to carry out its commands,” the researchers noted.
