Overview
Exploiting vulnerable programs is among the most common ways to attack victims and steal personal data. Exploits, pieces of malicious code that use vulnerabilities in popular software to infect the system, are used in malware designed to steal consumers’ personal data, but they are also the philosopher’s stone of cybercrime wizardry in terms of targeted attacks or cyber warfare. All known cyber weapons, such as Stuxnet and Duqu, used exploits to sneak into heavily guarded IT infrastructures for the purposes of sabotage and cyber espionage.
The main goal of Kaspersky Lab’s team of security experts and analysts is to identify and block all new cyber threats, including exploits. Apart from the traditional methods of detecting and blocking particular malware samples based on their signatures, new, smart techniques are used to block even previously unknown exploits or those that utilize newly discovered, or “zero-day”, software vulnerabilities. Automatic Exploit Prevention is a prominent example of this innovative technology. It detects and blocks exploits based on their behavior, before they can harm our customers. To develop these kinds of technologies, we need to really understand what our customers need: which programs they use and how they deal with vulnerable software.
We compile this data using the cloud-based Kaspersky Security Network. In exchange for this invaluable information, our customers receive the most up-to-date news on the latest threats in near real time. Before reaching Kaspersky Lab’s servers, the information about local security incidents and usage data is stripped of all personal information, maintaining strict anonymity.
This report is based on information about vulnerable programs found on the computers of our customers. The vulnerability scan is one of the standard features of Kaspersky Lab products like Kaspersky Internet Security 2013: it helps users to identify and upgrade critically vulnerable software. The purpose of this research is to understand how users react to vulnerable programs and analyze the potential dangers of vulnerable software.
Read more: http://www.securelist.com/en/analysis/204792278/Kaspersky_Lab_report_Evaluating_the_threat_level_of_software_vulnerabilities