Flash exploits increase 40 fold in 2011

Zero day exploits remain rare

Exploits targeting bugs in Adobe’s Flash Player increased by more than 40 times in the three months after April, according to Microsoft.

During the 9 months prior to April 2011, Microsoft detected well below 50,000 Flash Player attacks, however after that they jumped to just under 300,000 detections, Microsoft reports in latest Security Intelligence Report (SIR).

The explosion came off the back of two zero day vulnerabilities and occurred in the weeks after Adobe patched them.

The first wave of attacks came on April 21, about a week after Adobe had patched a zero day exploit that relied on a rigged Shockwave (.swf) file embedded in a Microsoft Office document titled "Disentangling Industrial Policy and Competition Policy.doc", which purported to contain information regarding Fukushima Daiichi nuclear disaster in Japan.

Most of those attacks were directed at computers in Korea. Then in June, shortly after Adobe patched another zero day Flash flaw, a second series of attacks occurred through June and July, again directed mostly at Korea.

While zero day exploitation has been the focus of attention due to their use in several recent high profile attacks, SIR figures show they accounted for 0.12 per cent of all exploit activity in the first half of 2011, jumping to 0.37 per cent in June.

Jeff Jones, a director of Microsoft’s Trustworthy Computing Group, told CSO Australia’s US sister site, Computerworld, the threat of zero day attacks needs to be put in to context.

“For the person who has security as a day-to-day job, they need to worry about the things that are most prevalent and most severe.”

Compared to zero days and Flash exploits in general, the real threats were old favourites, Windows and Java exploits.

JavaScript exploits retained their dominance throughout 2011, however Windows exploits, which had been on the decline, shot up from fewer than 300,000 detections prior April to over 5 million by around June.

A “malformed” shortcut targeting a Windows flaw, originally used by the Stuxnet malware and detected in 2010, was almost solely responsible for the sudden jump as it became employed by other malware families, Microsoft noted.

Australia’s standing in the world in terms Windows infections was good compared with developing nations, which often had infection rates higher than 15 per cent, but average in the developed world.

The world infection rate of 9.8 per cent in the second quarter of 2011 was down from 11 per cent the previous quarter, while Australia’s Windows infection rate fell from 5.3 per cent to 4.6 per cent. This was on par with the Canada, US, UK, Ireland, the Netherlands, and New Zealand, but above the rates for Germany, Norway, Sweden, Switzerland

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Tags adobe flashbugsAdobe Flash playerShockwave

Show Comments