
Yep, these kinds of things are extremely prevalent and dangerous. This isn't
the mid-90s where a user would have to do something silly to trigger an
attack by opening the wrong attachment. In my environment, I see 3 to 5
drive-by Java exploits a day, and that's just from what I can pick up with
the AV definitions and gets past the bad domain blacklist. These things are
coming in through the advertisement banners, which usually go through some
kind of ad channel that is re-sold to third parties multiple times,
destroying any kind of accountability when something bad gets propagated; or
you have hundreds of thousands of webpages using a common framework
(WordPress, for example) which has a mass exploit and now all those
seemingly legitimate sites are silently hosting the latest JRE/PDF/Flash
0-day exploit.

Even last night Sundance Chevy's website got blocked because it was hosting
something bad, and a few nights before that it was Bible.org, the Central
Dakota Humane Society, and the National Association of State Boards of
Accountancy websites.

On Tue, 5 Feb 2013 18:33:43 -0500, Kwiatkowski, Nicholas
<[log in to unmask]> wrote:

>A better question would be -- how often have they done it already today?
>
>These exploits can be through drive-by advertisements on legitimate sites.
>They could be from bad sites.  They could be from anywhere...
>
>-Nick
>________________________________________
>From: David McFarlane [[log in to unmask]]
>Sent: Tuesday, February 05, 2013 5:29 PM
>To: [log in to unmask]
>Subject: Re: [MSUNAG] JRE 6 Extended Support
>
>At 2/5/2013 04:02 PM Tuesday, Cooke, Tony wrote:
>>Since the University recommends/requires out of date/unsupported
>>software, which has known vulnerabilities, are we not being required
>>to put ourselves at risk? If so, is it an acceptable risk?
>
>My question exactly.  Just how dangerous is this JRE to our
>users?  Doesn't one have to be lured to a malicious website to
>trigger this sort of attack?  How likely are our users to do this?
>
>-- dkm