Examination of vulnerable online Web browser populations and the "insecurity iceberg"
Stefan Frei, Thomas Duebendorfer, Gunter Ollmann, Martin May
August 10, 2008, DEFCON 16
In recent years the Web browser has increasingly become targeted as an infection vector for vulnerable hosts. Classic service-centric vulnerability exploitation required attackers to scan for and remotely connect to vulnerable hosts (typically servers) in order to exploit them. Unlike these, Web browser vulnerabilities are commonly exploited when the user of the vulnerable host visits a malicious Web site.
While several studies and reports have focused upon the scale of the mass-defacements and malicious content being served by compromised servers, none have provided quantitative analysis of the most critical component in drive-by download attacks - the number of users likely to become victims of the attack due to the use of insecure Web browser technologies.
The analysis presented in this paper is based on the large global user base of Google’s Web search and application sites. By measuring the lower bounds of insecure Web browsers used daily to surf the Internet, we provide new insights into the global vulnerable Web browser problem. To capture the extent of this security problem, we introduce the notion of the "Insecurity Iceberg" and estimate the number of users worldwide relying on a Web browser version different from the latest most secure version or vulnerable plug-ins, which could result in a host compromise.
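The lower-bound measurement sketched above, as an added example that is not code from the paper: it assumes the browser version is read from the HTTP User-Agent string, uses placeholder "latest secure" versions rather than the paper's figures, and counts unrecognised agents as not-insecure, which is what makes the resulting share a lower bound.

```python
import re
from typing import Iterable, Optional, Tuple

# Placeholder "latest most secure" version per browser family (assumed values,
# not taken from the paper; a real study would use vendor release data).
LATEST_SECURE = {
    "Firefox": (2, 0, 0, 14),
    "MSIE": (7, 0),
    "Opera": (9, 50),
    "Safari": (3, 1, 1),
}

# Version patterns per family; Safari reports its version as "Version/x.y".
_PATTERNS = [
    ("Firefox", re.compile(r"Firefox/(\d+(?:\.\d+)*)")),
    ("MSIE", re.compile(r"MSIE (\d+(?:\.\d+)*)")),
    ("Opera", re.compile(r"Opera/(\d+(?:\.\d+)*)")),
    ("Safari", re.compile(r"Version/(\d+(?:\.\d+)*).*Safari/")),
]

def parse_ua(ua: str) -> Optional[Tuple[str, Tuple[int, ...]]]:
    """Return (family, version tuple) for a recognised User-Agent, else None."""
    for family, pattern in _PATTERNS:
        m = pattern.search(ua)
        if m:
            return family, tuple(int(p) for p in m.group(1).split("."))
    return None

def is_outdated(ua: str) -> Optional[bool]:
    """True if the reported version is older than the latest secure one,
    False if current or newer, None if the browser cannot be classified."""
    parsed = parse_ua(ua)
    if parsed is None:
        return None
    family, version = parsed
    latest = LATEST_SECURE[family]
    n = max(len(version), len(latest))  # pad so "7" compares equal to "7.0"
    return version + (0,) * (n - len(version)) < latest + (0,) * (n - len(latest))

def iceberg_lower_bound(uas: Iterable[str]) -> Tuple[int, int, int]:
    """Count (outdated, current, unclassified) agents. Unclassified agents are
    not counted as insecure, so the outdated count is only a lower bound."""
    outdated = current = unknown = 0
    for ua in uas:
        r = is_outdated(ua)
        if r is None:
            unknown += 1
        elif r:
            outdated += 1
        else:
            current += 1
    return outdated, current, unknown

# Constructed sample User-Agent strings (not real log data).
SAMPLE_UAS = [
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
    "Opera/9.27 (Windows NT 5.1; U; en)",
    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Safari/525.20",
    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-us) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.0.4 Safari/525.13",
    "curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2",
]
```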
Following this detailed analysis, we identify and discuss a number of current and future protection technologies that can help mitigate the escalating threat to vulnerable Web browsers.
- Whitepaper (Archive): Understanding The Web Browser Threat (pdf)