Topical Issues Affecting The Threat Landscape - Prevalence Of Web Threats

In October 2009 Symantec’s Security Intelligence Analysis Team will release the first of a series of quarterly reports focusing on topical issues affecting the threat landscape. I would be presenting findings from this report.

This talk would discuss the prevalence of web threats, focusing on attacks targeting active X components. As server security has developed and hardened, we have also seen the development of more services shifting to the web and a reliance on web browser technologies. It is these services and browser components that attackers have shifted their attention to. I will highlight the relevance of this issue to consumers and enterprises with case studies revolving around vulnerabilities like the Microsoft Windows 'MPEG2TuneRequest' Object Remote Code Execution Vulnerability (CVE-2008-0015) and the 0day attacks that resulted by exploiting this vulnerability. After discussing the life cycle and impact of the attacks, the conclusion will have suggested best practices that can be used to mitigate the growing client side risks being targeted on the current threat landscape.