Web Threats

Web-based threats – or online threats – are malware programs that can target you when you’re using the Internet. These browser-based threats include a range of malicious software programs that are designed to infect victims’ computers.

The main tool behind such browser-based infections is the exploit pack – which gives cybercriminals a route to infecting computers that either:

• Do not have a security product installed
• Contain a commonly used operating system or application that is vulnerable – because the user hasn’t applied the latest updates, or a new patch has yet to be issued by the software vendor

Applications and OSs that are targeted by online threats

Cybercriminals will use almost any vulnerability – within an operating system (OS) or an application – in order to conduct an exploit-based attack. However, most cybercriminals will develop web threats that deliberately target some of the most common OSs and applications, including:

• Java
  Because Java is installed on over 3 billion devices – that are running under various operating systems – exploits can be created to target specific Java vulnerabilities on several different platforms / OSs.
• Adobe Reader
  Although Adobe Reader has been targeted by many attacks, Adobe has implemented tools to protect the program against exploit activity – so that it’s getting harder to create effective exploits for the application. However, Adobe Reader was still a common target over the past 18 months.
• Windows and Internet Explorer
  Active exploits still target vulnerabilities that were detected as far back as 2010 – including MS10-042 in Windows Help and Support Center, and MS04-028 which is associated with incorrect handling of JPEG files.
• Android
  Cybercriminals use exploits to gain root privileges. Then, they can achieve almost complete control over the targeted device.

Millions of web attacks… every day

In 2012, the number of browser-based attacks was 1,595,587,670. On average, that means Kaspersky Lab products protected users against web threats more than 4.3 million times every day.

Kaspersky’s Internet security experts have identified the most active malicious software programs involved in web threats. The list includes the following types of online threats:

• Malicious websites
  Kaspersky identifies these websites by using cloud-based heuristic detection methods. Most malicious URL detections are for websites that contain exploits.
• Malicious scripts
  Hackers inject malicious scripts into the code of legitimate websites that have had their security compromised. Such scripts are used to perform drive-by attacks – in which visitors to the website are unknowingly redirected to malicious online resources.
• Scripts and executable PE files
  Generally, these either:
  • Download and launch other malicious software programs
  • Carry a payload that steals data from online banking and social network accounts, or steals login and user account details for other services
• Trojan-Downloaders
  These Trojan viruses deliver various malicious programs to users’ computers.
• Exploits and exploit packs
  Exploits target vulnerabilities and try to evade the attention of Internet security software.
• Adware programs
  Often, adware will simultaneously install when a user starts to download a freeware or shareware program.

Top 20 malicious programs on the Internet

In Kaspersky’s list of 2012’s most active malicious software programs associated with online threats, the following Top 20 account for 96% of all web attacks:

Position	Name*	Number of attacks	% of all attacks**
1	Malicious URL	1,393,829,795	87.36%
2	Trojan.Script.lframer	58,279,262	3.65%
3	Trojan.Script.Generic	38,948,140	2.44%
4	Trojan.Win32.Generic	5,670,627	0.36%
5	Trojan-Downloader.Script.Generic	4,695,210	0.29%
6	Exploit.Script.Blocker	4,557,284	0.29%
7	Trojan.JS.Popupper.aw	3,355,605	0.21%
8	Exploit.Script.Generic	2,943,410	0.18%
9	Trojan-Downloader.SWF.Voleydaytor.h	2,573,072	0.16%
10	AdWare.Win32.IBryte.x	1,623,246	0.10%
11	Trojan-Downloader.Win32.Generic	1,611,565	0.10%
12	AdWare.Win32.ScreenSaver.e	1,381,242	0.09%
13	Trojan-Downloader.JS.Iframe.cxk	1,376,898	0.09%
14	Trojan-Downloader.JS.Iframe.cyq	1,079,163	0.07%
15	Trojan-Downloader.JS.Expack.sn	1,071,626	0.07%
16	AdWare.Win32.ScreenSaver.i	1,069,954	0.07%
17	Trojan-Downloader.JS.JScript.ag	1,044,147	0.07%
18	Trojan-Downloader.JS.Agent.gmf	1,040,738	0.07%
19	Trojan-Downloader.JS.Agent.gqu	983,899	0.06%
20	Trojan-Downloader.Win32.Agent.gyai	982,626	0.06%

* These statistics represent detected verdicts of the web-based antivirus module and were submitted by users of Kaspersky Lab products who consented to share their local data.

**The percentage of unique users with computers running Kaspersky Lab products that blocked online threats.