Drive-by Trojans exploit browser flaws

Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. Sixteen of the 50 most frequent malicious code sightings reported to Symantec in the second half of 2004 were Trojans. In the first six months of last year, Trojans accounted for just eight of the top 50 malicious code reports.

Symantec blames Trojans for an upsurge in client-side exploits for web browsers. Trojans create the means to deliver malicious code onto vulnerable Windows PCs. Browsers are the primary target, but flaws in email clients, peer-to-peer networks, instant messaging clients, and media players can also be exploited in this way.

Between July and December 2004 Symantec documented 13 vulnerabilities affecting Internet Explorer and 21 vulnerabilities affecting each of the Mozilla browsers. Six vulnerabilities were reported in Opera and none in Safari.

Of the 13 vulns affecting IE in 2H04, nine were classified as "high severity". Of the 21 vulnerabilities affecting the Mozilla browsers, Symantec classified 11 as "high severity". Firefox users enjoyed an easier ride, with just seven "high severity" vulns affecting it over the report period.

Symantec says there have been few attacks in the wild against Mozilla, Mozilla Firefox, Opera, or Safari, but the jury is still out on whether these browsers represent a more secure alternative to IE.

Nigel Beighton, Symantec’s director of enterprise strategy, EMEA, told El Reg that choice of browser is less important than activating seldom-used security zones features to limit exposure. "If you don't set trusted sites and stick by default browser security it's like surfing everywhere on the net with your wallet open," he said.

Symantec's Internet Threat Report, published Monday (21 March), brings together data gleaned from the security firm's SecurityFocus and managed security services division. The report found that the financial service industry was the most frequently targeted sector in internet attacks, followed by hi-tech and pharmaceutical firms. "Attacks are becoming more targeted and specific," said Beighton.

For the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly referred to as the Slammer Attack) was the most common attack, used by 22 per cent of all attackers. Organisations reported 13.6 attacks per day, up from 10.6 in the previous six months. The United States continues to be the top country of attack origin, followed by China and Germany.

Variants of NetSky, MyDoom, and Beagle dominated the top ten malicious code samples in the second half of 2004. Symantec documented more than 7,360 new Win32 viruses and worms, 64 per cent up on the first half of the year. Two bots (malicious code that turns infected PCs into zombies under the command of hackers) were present in the top ten malicious code samples, compared to one in the previous reporting period. There were 21 known samples of malicious code for mobile applications, up from one in June 2004.

Symantec also noted a marked rise in email scams over the second half of 2004. The firm's BrightMail anti-spam filters blocked an average of 33 million phishing emails a week in December 2004 compared to nine million a week in July 2004.

Symantec documented 1,403 new vulnerabilities in the second half of 2003, up 13 per cent from the first six months of last year. The vast majority (97 per cent) of the vulns recorded between July and December 2004 were either moderate or high risk.

In addition, over 70 per cent of these security flaws could be exploited using readily available tools or without the need for any attack code. The time between the disclosure of a vulnerability and the release of an associated exploit increased from 5.8 to 6.4 days.

Continuing a recent trend, web applications were a particular source of security problems. Almost half - 670 of 1,403 - of the security bugs logged by Symantec in 2H04 affected web applications. ®
