First, Service Pack 2 for Windows XP with its on-by-default firewall
and security-hardened system services arrived and was pushed out over Windows
Update to millions of computers, largely protecting consumers from directed attacks.
Second, cybercriminals became more aggressive, targeting consumers with malware
downloads. An entire industry sprang up offering a malware "pay-per-install" business
model and didn't ask any questions about how their "software" got installed. With
money as an incentive and firewalls as a barrier, malicious criminals turned their attention
to client-side attacks.
One interesting way to observe the growth of client-side vulnerabilities is to look at
the proportion of Microsoft security bulletins released addressing client-side vulnerabilities
compared with other vulnerabilities. Symantec did exactly this analysis early in
2007 and published the chart seen in Figure 15-1. The light color is client-side vulnerabilities
and the dark is other vulnerabilities.
(From Gray Hat Hacking: The Ethical Hacker's Handbook, Chapter 15: Client-Side Browser Exploits)
Reference
Symantec blog posting with Figure 15-1 context
www.symantec.com/enterprise/security_response/weblog/2007/02/microsoft_patch_tuesday_februa.