SQL injection attack was used to propagate the malicious code that exploited zero day vulnerability in Microsoft Internet explorer last year. [Symantec, (2009 ) pg. (47)] the aim of the attackers employing this kind of a generic attack is to exploit the trust of visitors of a website that is usually known to be safe and secure. More recent attack involving a web application was the zero-day attack that exploited multiple vulnerabilities in Adobe Flash Player. [Kaspersky Lab, 2009]
Conclusion
There is a clear change in the computer security scenario. Cybercriminals do not just do it for fun or fame anymore but are getting more professional and monetizing their skills in the underground economy. Phishing, identity theft and stealing of valuable personal and financial information would continue to be a major nuisance in the coming years. A new form of attack using seemingly safe data files such as PDFs, media files, etc., will become more common in the coming years as criminals are employing different obfuscation techniques to evade AV detection. There will be more attacks on webkit-based browsers that are used in mobile Internet devices such as iphones. Web browsers will continue to be the most targeted software for attacks as these are the most used agents for almost all Internet related applications. As always, prevention is better than cure. Even a common sense approach such as logging in as a user instead of administrator ("principle of least privilege') would limit the extent of damage to a great extent. Updating antivirus software, operating...
g system and other software regularly and using sensible precautions such as regular backups would certainly eliminate the risk or atleast minimize the damage of a malware attack.
Bibliography
1) ESET, (DEC, 2008), 'ESET Annual Global Threat Report', Retrieved Oct 30th 2009, from, http://www.eset.com/threat-center/threat_trends/EsetGlobalThreatReport (Jan2009).pdf
2) Symantec, (Apr 2009), ' Symantec Global Internet Security Threat Report', Retrieved Oct 30th 2009, from, http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiv_04-2009.en-us.pdf
3) Eugene Kaspersky, (2006), 'Changes in the Anti-Virus Industry', Retrieved Oct 29th 2009, from http://www.kaspersky.com/in/reading_room?chapter=188361044
4) Symantec, (Sep 2007), ' Symantec reports Cyber Criminals Are Becoming Increasingly Professional', Retrieved Oct 29th 2009, from http://www.symantec.com/about/news/release/article.jsp?prid=20070917_01
5) Alexi Oreskovic, (2009) 'Hacker Attacks Silence Twitter, Slow Facebook', Retrieved Oct 29th 2009, from http://www.reuters.com/article/internetNews/idUSTRE57548520090806
6) Thomas Claburn, (July 2009), 'Microsoft Warns of 'Browse-and-Get-Owned' Attack', retrieved Oct 30, 2009, from, http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218400787
7) Kaspersky Lab, 2009, ' Adobe Flash Player Multiple Vulnerabilities', retrieved Oct 30th 2009, from, http://www.viruslist.com/en/advisories/35948
