科技英语新闻:Web exploit toolkit top weapon for cyber criminals: report

SAN FRANCISCO, April 4 (Xinhua) -- Web exploit toolkits, or " packaged" attack frameworks that can be traded online, are rapidly growing as the top cybercrime weapon due to ease of use and high success rate, a new report has found.

"When it comes to conducting online crime, exploit toolkits are the weapon of choice for many cyber criminals," said the "2010 Top Cyber Security Risks Report" published by Hewlett-Packard Co. (HP) on Monday.

The trend started in 2006 with the release of WebAttacker, considered by many to be the first modern day web exploit toolkit, according to the report.

An emerging trend ensued and soon took off, and today the Internet is subjected to hundreds of exploits originating from these toolkits.

"With the ever-increasing, web-based criminal activity, the number of exploit toolkits has skyrocketed and shows no signs of slowing down," the report stated.

Though protecting against attacks originated with web exploit toolkits is becoming increasingly difficult, there are ways to minimize the risk of infection, said the report, noting that one of the most effective defenses is to install patches onto host systems.

The report also found that while the number of attacks against known vulnerabilities continues to rise, the number of discovered vulnerabilities has plateaued in 2010.

"We've discovered that rather than investing resources to uncover new exploits, attackers are focused on current, unpatched vulnerabilities in web applications, social networking sites and Web 2.0 interfaces," Mike Dausin, a manager at HP Digital Vaccine Labs, said in a statement.

Data from the report showed that nearly half of all reported vulnerabilities exist in web applications, and third-party plug- ins to content management systems have become the leading cause of web application vulnerabilities.