Hackers Increasingly Look for Cross-Platform Vulnerabilities

Hackers Increasingly Look for Cross-Platform Vulnerabilities
A Microsoft security researcher says malware makers seek 'economies of scale'.
By Antone Gonsalves
News Aug 2nd 2012

More and more hackers are targeting the same application vulnerabilities on Macs and Windows PCs as a way to reap the financial benefits of writing cross-platform malware.

The trend involves exploiting vulnerabilities that go as far back as 2009 in Office documents. Other cross-platform, third-party technologies favored by hackers include Java, Adobe PDF and Adobe Flash, Microsoft security researcher Methusela Cebrian Ferrer said Tuesday in the company's Malware Protection Center blog

Targeting the same vulnerabilities in applications commonly found on both platforms allows hackers to reap profits twice from the same malware, a trend Ferrer calls "economies of scale in cross-platform vulnerabilities. 

"This method of distribution allows the attacker to maximize their capability on multiple platforms," he said.

Stephen Cobb, security evangelist for ESET, said cybercriminals have treated malware development and methods for infecting systems as a business for years. "We can expect to see further application of business logic -- such as economies of scale, division of labor and risk/reward calculations -- to developments in this space," he said in an interview via email.