Exploit Unveils August Survey

ATLANTA -- Exploit Prevention Labs (http://www.explabs.com), the leading developer of anti-exploit software, today released findings for its August 2006 Exploit PrevalenceSurveyT. Now in its fourth month, the Exploit Prevalence Survey is the first monthly survey to measure the top web-borne exploits based on real-world prevalence data. Results are derived from automated reports submitted by users of Exploit Prevention Labs' SocketShield anti-exploit

software, combined with exploit distribution data captured from the company's popular LinkScanner online URL scanning service and network of

automated hunting-pots.

New to this month's report is tracking of orphaned lure sites. Orphaned

lures are trusted web sites that have been hacked and which contain IFRAME links that call out to exploit servers that are dead or dormant.

An IFRAME is a common HTML tag, and is the primary mechanism used by cyber criminals to infect web site visitors with exploits via drive-by downloads. When a user with an unpatched system hits the site, the IFRAME command causes the user's browser to silently connect to another server, often an exploit server, that then attempts to force-download exploit code onto the user's computer.

"Although these sites are not actively serving exploits right now, we keep a close eye on them because cyber criminals frequently reactivate their exploit servers at a later date," said Roger Thompson, CTO of Exploit Prevention Labs and the survey's primary author. "The orphaned lures are also interesting because the site owners remain oblivious to the fact that they've been hacked and that they most like remain vulnerable to further hacks by the exploit distributors."

Exploit Prevention Labs