Drive-by Trojans exploit browser flaws

Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. Sixteen of the 50 most frequent malicious code sightings reported to Symantec in the second half of 2004 were Trojans. In the first six months of last year, Trojans accounted for just eight of the top 50 malicious code reports.

Symantec blames Trojans for an upsurge in client-side exploits for web browsers. Trojans create the means to deliver malicious code onto vulnerable Windows PCs. Browsers are the primary target, but flaws in email clients, peer-to-peer networks, instant messaging clients, and media players can also be exploited in this way.

Between July and December 2004 Symantec documented 13 vulnerabilities affecting Internet Explorer and 21 vulnerabilities affecting each of the Mozilla browsers. Six vulnerabilities were reported in Opera and none in Safari.

Of the 13 vulns affecting IE in 2H04, nine were classified as "high severity". Of the 21 vulnerabilities affecting the Mozilla browsers, Symantec classified 11 as "high severity". Firefox users enjoyed an easier ride, with just seven "high severity" vulns affecting the browser over the report period.

Symantec says there have been few attacks in the wild against Mozilla, Mozilla Firefox, Opera, or Safari, but the jury is still out on whether these browsers represent a more secure alternative to IE.

Nigel Beighton, Symantec’s director of enterprise strategy, EMEA, told El Reg that choice of browser is less important than activating seldom-used security zones features to limit exposure. "If you don't set trusted sites and stick by default browser security it's like surfing everywhere on the net with your wallet open," he said.

Symantec's Internet Threat Report, published Monday (21 March), brings together data gleaned from the security firm's SecurityFocus and managed security services division. The report found that the financial services industry was the most frequently targeted sector in internet attacks, followed by hi-tech and pharmaceutical firms. "Attacks are becoming more targeted and specific," said Beighton.

For the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly referred to as the Slammer Attack) was the most common attack, used by 22 per cent of all attackers. Organisations reported 13.6 attacks per day, up from 10.6 in the previous six months. The United States continues to be the top country of attack origin, followed by China and Germany.

Variants of NetSky, MyDoom, and Beagle dominated the top ten malicious code samples in the second half of 2004. Symantec documented more than 7,360 new Win32 viruses and worms, 64 per cent up on the first half of the year. Two bots (malicious code that turns infected PCs into zombies under the command of hackers) were present in the top ten malicious code samples, compared to one in the previous reporting period. There were 21 known samples of malicious code for mobile applications, up from one in June 2004.

Symantec also noted a marked rise in email scams over the second half of 2004. The firm's BrightMail anti-spam filters blocked an average of 33 million phishing emails a week in December 2004 compared to nine million a week in July 2004.

Symantec documented 1,403 new vulnerabilities in the second half of 2003, up 13 per cent from the first six months of last year. The vast majority (97 per cent) of the vulns recorded between July and December 2004 were either moderate or high risk.

In addition, over 70 per cent of these security flaws could be exploited using readily available tools or without the need for any attack code. The time between the disclosure of a vulnerability and the release of an associated exploit increased from 5.8 to 6.4 days.

Continuing a recent trend, web applications were a particular source of security problems. Almost half - 670 of 1,403 - of the security bugs logged by Symantec in 2H04 affected web applications. ®
