Internet security center

Web Threats

Web-based threats – or online threats – are malware programs that can target you when you’re using the Internet. These browser-based threats include a range of malicious software programs that are designed to infect victims’ computers.

The main tool behind such browser-based infections is the exploit pack – which gives cybercriminals a route to infecting computers that either:

Applications and OSs that are targeted by online threats

Cybercriminals will use almost any vulnerability – within an operating system (OS) or an application – in order to conduct an exploit-based attack. However, most cybercriminals will develop web threats that deliberately target some of the most common OSs and applications, including:

  • Java
    Because Java is installed on over 3 billion devices – that are running under various operating systems – exploits can be created to target specific Java vulnerabilities on several different platforms / OSs.
  • Adobe Reader
    Although Adobe Reader has been targeted by many attacks, Adobe has implemented tools to protect the program against exploit activity – so that it’s getting harder to create effective exploits for the application. However, Adobe Reader was still a common target over the past 18 months.
  • Windows and Internet Explorer
    Active exploits still target vulnerabilities that were detected as far back as 2010 – including MS10-042 in Windows Help and Support Center, and MS04-028 which is associated with incorrect handling of JPEG files.
  • Android
    Cybercriminals use exploits to gain root privileges. Then, they can achieve almost complete control over the targeted device.

Millions of web attacks… every day

In 2012, the number of browser-based attacks was 1,595,587,670. On average, that means Kaspersky Lab products protected users against web threats more than 4.3 million times every day.

Kaspersky’s Internet security experts have identified the most active malicious software programs involved in web threats. The list includes the following types of online threats:

  • Malicious websites
    Kaspersky identifies these websites by using cloud-based heuristic detection methods. Most malicious URL detections are for websites that contain exploits.
  • Malicious scripts
    Hackers inject malicious scripts into the code of legitimate websites that have had their security compromised. Such scripts are used to perform drive-by attacks – in which visitors to the website are unknowingly redirected to malicious online resources.
  • Scripts and executable PE files
    Generally, these either:
    • Download and launch other malicious software programs
    • Carry a payload that steals data from online banking and social network accounts, or steals login and user account details for other services
  • Trojan-Downloaders
    These Trojan viruses deliver various malicious programs to users’ computers.
  • Exploits and exploit packs
    Exploits target vulnerabilities and try to evade the attention of Internet security software.
  • Adware programs
    Often, adware will simultaneously install when a user starts to download a freeware or shareware program.

Top 20 malicious programs on the Internet

In Kaspersky’s list of 2012’s most active malicious software programs associated with online threats, the following Top 20 account for 96% of all web attacks:

Position

Name*

Number of attacks

% of all attacks**

1

Malicious URL

1,393,829,795

87.36%

2

Trojan.Script.lframer

58,279,262

3.65%

3

Trojan.Script.Generic

38,948,140

2.44%

4

Trojan.Win32.Generic

5,670,627

0.36%

5

Trojan-Downloader.Script.Generic

4,695,210

0.29%

6

Exploit.Script.Blocker

4,557,284

0.29%

7

Trojan.JS.Popupper.aw

3,355,605

0.21%

8

Exploit.Script.Generic

2,943,410

0.18%

9

Trojan-Downloader.SWF.Voleydaytor.h

2,573,072

0.16%

10

AdWare.Win32.IBryte.x

1,623,246

0.10%

11

Trojan-Downloader.Win32.Generic

1,611,565

0.10%

12

AdWare.Win32.ScreenSaver.e

1,381,242

0.09%

13

Trojan-Downloader.JS.Iframe.cxk

1,376,898

0.09%

14

Trojan-Downloader.JS.Iframe.cyq

1,079,163

0.07%

15

Trojan-Downloader.JS.Expack.sn

1,071,626

0.07%

16

AdWare.Win32.ScreenSaver.i

1,069,954

0.07%

17

Trojan-Downloader.JS.JScript.ag

1,044,147

0.07%

18

Trojan-Downloader.JS.Agent.gmf

1,040,738

0.07%

19

Trojan-Downloader.JS.Agent.gqu

983,899

0.06%

20

Trojan-Downloader.Win32.Agent.gyai

982,626

0.06%


* These statistics represent detected verdicts of the web-based antivirus module and were submitted by users of Kaspersky Lab products who consented to share their local data.

**The percentage of unique users with computers running Kaspersky Lab products that blocked online threats.

© 1997 – 2014 Kaspersky Lab

All Rights Reserved. Industry-leading Antivirus Software