Adobe Reader, IE dominated attacks list in 2009

A hole in Microsoft's Windows SMB2 (Server Message Block) protocol was the most attacked vulnerability last year, followed by holes in Adobe Reader and Flash Player, Internet Explorer 7, and Windows MPEG2 ActiveX Control, according to a Symantec report to be released on Tuesday.

Of Web-based attacks, suspicious PDF file downloads was the top method, representing nearly half of such attacks, followed by six attacks on IE, one targeting Adobe SWF (Shockwave Flash), and two targeting MPEG2 ActiveX Controls, the Symantec Global Internet Security Threat Report found.

Despite being the most attacked browser, IE had 45 reported vulnerabilities, compared with 169 vulnerabilities reported for Firefox. "This shows that attacks on software are not necessarily based on the number of vulnerabilities in a piece of software, but on its market share and the availability of exploit code as well," the report said.

Symantec documented 321 holes affecting browser plug-ins last year: 134 for ActiveX technologies, 84 for Java SE (Standard Edition), 49 for Adobe Reader, 27 for QuickTime, 23 for Adobe Flash Player, and 4 for Firefox extensions.

ActiveX holes are declining while Java SE and Adobe Reader are on the rise, most likely because they are "not only ubiquitous, but they are cross-browser and cross-platform technologies," the report said.

Meanwhile, Safari had 94 new vulnerabilities, Opera had 25, and Chrome 41. All of the browsers had an average window of exposure--the time between when exploit code affecting a vulnerability is made public and when it is patched--of less than 1 day, on average, except for Chrome (2 days) and Safari (13 days), according to the report.

In 2009, Symantec documented a dozen zero-day vulnerabilities, which the security firm defines as being holes that appear to have been exploited in the wild prior to being publicly known. Of those, four related to Adobe Reader and six related to Microsoft components including DirectX, IIS, and Office. That figure was up from nine zero-day holes recorded in 2008.

The report also provided insight into the underground market where criminals buy and sell tools for conducting Internet attacks. So-called crime-ware kits allow criminals to customize malicious code designed to steal data and other personal information that can then be used for identity theft. The Zeus kit, for instance, has been seen for sale at $700 but can be found for free, the report said. Symantec found nearly 90,000 unique variants of the basic Zeus toolkit.

Also last year, the United States was found to have the most overall malicious activity, to be the top country of attack origin and to have the most computers infected with stealth botnet software used to send spam or attack Web sites. However, Brazil was gained ground, ranking third in malicious activity behind the U.S. and China.

Symantec observed nearly 6.8 million distinct bot-infected computers worldwide last year.