Professional Documents
Culture Documents
X-Force 1- 2009
IBM ISS
issru@ru.ibm.com
X-Force R&D –
X-Force
9 web-
IBM Internet Security Systems™ 150
X-Force® R&D:
40 -
43
!
"
#
# /
web-
$
%
& X-Force –
IBM
#
X-Force
" ' ( )(
'
!
" X-Force XPU’s
X-Force
" + X-Force
X-Force –
– (
McAfee Core
Bindview
(FoundStone, SDI
2.2%
IntruVert) 3.6%
51.1% 5.1%
7
Symantec
ISS
(@Stake)
IBM ISS X-Force 6.6%
iDefense
, 6
8.0%
X-Force
IBM ISS X-Force NGS
10.9% 51.1%
, eEye
12.4%
+ X-Force
– + 40 000
– # 1990-
*
$ )
...
– 8 000
– 17 000
– 43 000
, (
- (
!!
$ =!
' ) : )
3,240 2009 ,
8% , 2008 , 0 SQL ActiveX
50.4% – Web-
“ ”–
«1 » ) 55%
) « », )( )
2 web- 508% )
2008 .
URL- ( URL),
,
$ (blogspot, doubleclick, google)
66% ) , 31% - online-
# :
,
2
2
, 0 SQL
ActiveX
•#
6%
•$
8%
# :
,
$ (
ActiveX
1
ActiveX
PDF-% "
%
1. Microsoft MDAC RDS Dataspace ActiveX Microsoft MDAC RDS Dataspace ActiveX
(CVE-2006-0003) (CVE-2006-0003)
24%
) (19% 2008 )
Microsoft
3
)
2005
Apple 1
)
3 -
(49%)
, 1-
2009 , )
* , 20
**IBM 82 , 3 - 3.7%
BSD 2% 4%
Others 7% 11%
" Web- - )
50.4%
web-
0 SQL
(Cross-Site Scripting)
« )»
" Web- - )
&
“ web-
$400 to
$4,000.” -Darkreading.com
)( 2009 –
“ ”
50% ,
2006-2007
“ ”
, -
, 2006-2007
“* ”
0 SQL -
)
' 0 SQL:
50% Q1 2009 vs. Q4 2008 and nearly
doubling in Q2 vs. Q1
/
0 SQL )
/
0 SQL
* « »
*
0
**
* . .
" – Firefox « »
Internet Explorer
+ -
( (Browser Exploitation
Prevention – BEP)
n - –
'
• 4 ),
ROI
n BEP
"
• 20 ( ( )
# 1- 2009
Portable Document Format (PDF), 2008
PDF « » 1 Office
* :
• ) .PDF
, .EXE
• PDF-
20
2 web-
– "
,
Web
PDF- ,
– 3
– "
2-
) 1-
2 web- 508%!
$. / 2 ) «
» web-
• 5 – 8%
# ) )
• 2
80%
) 2008
«4 » web- « »
)
, (
$ , ( 10
, ) 28%,
online- 14%
60% – URL-
$ « »
30% $. /, 2
$ , ,
2
6 ) 0.1%
2 ,
online- ,
24%
• 3 10
38%
• # 2008 6.23%
Subject Line %
# ) « »
% « » 9%
+
(
"
2009 –
• 1 ,
,
, ),
)
,
(
% IBM X-Force
24/7. 7 http://xforce.iss.net/
" # ?
" #
?
" # , )(
# ?
, ( ( # ?
2 # ( #
?
/ #
?
2 # ( (
)( ?
28 : | X-Force © 2009 IBM Corporation
IBM Internet Security Systems (IBM ISS)
http://www.ibm.com/ru/services/iss/iss.html
http://www.iss.net/support/documentation/index.php
https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_alp.php
! " #$%&'()
http://www-935.ibm.com/services/us/iss/xforce/trendreports/
* +
http://www.ibm.com/ru/services/iss/solutions.html
M I
. /, . 2 =87'8DG&9: '; <=> (&>
F N . . /, . 284)L)O 94)9: '; <=> (&>
F 0 /, . 28$C7'&G<D: '; <=> (&>
.
T U . /, . 2D<G<78 ')> )Q&9: '; <=> (&>
. I 1
A. M . /, . 2)PG8Q8G&9: '; <=> (&>
! R
S I . . /, . 2;4<8D8 =;489<D7C)98: '; <=> (&>