System admins: patch your servers as often as you can!
About 71.2 percent of all exploits kits that attempt to inject malware into internet surfers’ computers were developed in Russia, and about 51.8 percent exploit rather older operating system vulnerabilities.
To be sure, Blackhole 2.0 is the most often used hacking rootkit, installed on thousands of websites to attack and takeover visitors’ computers.
However, it targets fewer software security holes than rival cybercrime kits. That’s according to a fresh report by managed security firm Solutionary.
Contrary to various hype that exploit kits target unpatched flaws in products, Solutionary found that the overall majority (59 percent) of exploited security vulnerabilities were more than two years old.
The company reviewed 26 commonly used malware kits and discovered code abusing security bugs dating as far back as 2004, evidence that older vulnerabilities continue to be mined for profit by cybercrooks.
Typically, criminal hackers compromise otherwise perfectly legitimate websites to plant hacking toolkits and distribute fake antivirus software, banking Trojans and other bad code.
Researchers at the security firm concluded that antivirus products cannot detect more than about 64 percent of malware being distributed, a finding that’s likely to be controversial in more ways than more.
The practical upshot to all of this is that system admins would be wise to regularly update their servers especially Windows Server 2003, 2008 and 2012, Adobe Flash, web browsers and Java code, rather than rely on security scanners to block any attacks that come their way.
“Exploit root kits largely focus on targeting end-user applications,” said Rob Kraus, a director of security research at Solutionary. “As a result, it’s absolutely critical that organizations pay close attention to security patch management and endpoint security controls in order to significantly lower the likelihood of a server compromise.”