Report: Zero-Days Are Now Attackers' Second Choice
Written by Daniel   
Thursday, 14 February 2008 13:58
Bad guys are increasingly exploiting known bugs, researchers say, but don't dismiss zero-days

FEBRUARY 13, 2008 | 5:44 PM
By Kelly Jackson Higgins
Senior Editor, Dark Reading

Zero-day vulnerabilities get the attention, but known bugs are the source of the most successful exploits, IBM researchers say in their new X-Force 2007 Report. (See IBM Report: Vulnerabilities Decline for First Time in 10 Years.)


“It’s not about having access to the vulnerability that no one else has,” says Kris Lamb, operations manager of X-Force Research and Development for IBM Internet Security Systems. “The most successful exploits from the past year... weren’t zero-days.”

Storm botnet exploits and other high-profile attacks were high-volume and attention-grabbing, for sure, but they used mostly existing, known vulnerabilities, he says. Publicly disclosed vulnerabilities decreased by 5.4 percent in 2007 over 2006, according to the IBM report, but the number of high-severity bugs increased by 28 percent.

It’s not that the bad guys never use zero-days. "But it’s how they can use a bunch of exploits to get the most coverage [and success]," Lamb says. “It’s less about spending resources on [finding] that zero-day.”

Botnet operators typically use known bugs for efficiency -- and economic -- reasons. “They don’t need to worry about zero-days,” says Joe Stewart, senior security researcher for SecureWorks. “All they have to do is be patient and roll out an exploit kit and give it some time... I have to wonder if exploit-kit writers think it’s worth the trouble to get an '0-day.' They pay a lot of money for it and it attracts a lot of attention... whereas if you’re just using the same old exploit and you’re not affecting that many hosts, you can keep your operation running longer.”
