
Drive-by Trojans exploit browser flaws

Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. Sixteen of the 50 most frequent malicious code sightings reported to Symantec in the second half of 2004 were Trojans. In the first six months of last year, Trojans accounted for just eight of the top 50 malicious code reports.

Symantec blames Trojans for an upsurge in client-side exploits for web browsers. Trojans create the means to deliver malicious code onto vulnerable Windows PCs. Browsers are the primary target, but flaws in email clients, peer-to-peer networks, instant messaging clients, and media players can also be exploited in this way.

Between July and December 2004 Symantec documented 13 vulnerabilities affecting Internet Explorer and 21 vulnerabilities affecting each of the Mozilla browsers. Six vulnerabilities were reported in Opera and none in Safari.

Of the 13 vulnerabilities affecting IE in 2H04, nine were classified as "high severity". Of the 21 vulnerabilities affecting the Mozilla browsers, Symantec classified 11 as "high severity". Firefox users enjoyed an easier ride, with just seven "high severity" vulnerabilities affecting that browser over the report period.

Symantec says there have been few attacks in the wild against Mozilla, Mozilla Firefox, Opera, or Safari, but the jury is still out on whether these browsers represent a more secure alternative to IE.

Nigel Beighton, Symantec’s director of enterprise strategy, EMEA, told El Reg that the choice of browser matters less than activating the seldom-used security zones feature to limit exposure. "If you don't set trusted sites and stick by default browser security it's like surfing everywhere on the net with your wallet open," he said.

Symantec's Internet Threat Report, published Monday (21 March), brings together data gleaned from the security firm's SecurityFocus and managed security services divisions. The report found that the financial services industry was the most frequently targeted sector in internet attacks, followed by hi-tech and pharmaceutical firms. "Attacks are becoming more targeted and specific," said Beighton.

For the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly referred to as the Slammer Attack) was the most common attack, used by 22 per cent of all attackers. Organisations reported 13.6 attacks per day, up from 10.6 in the previous six months. The United States continues to be the top country of attack origin, followed by China and Germany.

Variants of NetSky, MyDoom, and Beagle dominated the top ten malicious code samples in the second half of 2004. Symantec documented more than 7,360 new Win32 viruses and worms, 64 per cent up on the first half of the year. Two bots (malicious code that turns infected PCs into zombies under the command of hackers) were present in the top ten malicious code samples, compared to one in the previous reporting period. There were 21 known samples of malicious code for mobile applications, up from one in June 2004.

Symantec also noted a marked rise in email scams over the second half of 2004. The firm's BrightMail anti-spam filters blocked an average of 33 million phishing emails a week in December 2004 compared to nine million a week in July 2004.

Symantec documented 1,403 new vulnerabilities in the second half of 2003, up 13 per cent from the first six months of last year. The vast majority (97 per cent) of the vulns recorded between July and December 2004 were either moderate or high risk.

In addition, over 70 per cent of these security flaws could be exploited using readily available tools or without the need for any attack code. The time between the disclosure of a vulnerability and the release of an associated exploit increased from 5.8 to 6.4 days.

Continuing a recent trend, web applications were a particular source of security problems. Almost half - 670 of 1,403 - of the security bugs logged by Symantec in 2H04 affected web applications. ®


More in Tux Machines

Security News

  • How your DVR was hijacked to help epic cyberattack
    Technology experts warned for years that the millions of Internet-connected "smart" devices we use every day are weak, easily hijacked and could be turned against us. The massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic, shows those ominous predictions are now a reality. An unknown attacker intermittently knocked many popular websites offline for hours Friday, from Amazon to Twitter and Netflix to Etsy. How the breach occurred is a cautionary tale of how the rush to make humdrum devices “smart” while sometimes leaving out crucial security can have major consequences.
  • Find Out If One of Your Devices Helped Break the Internet
    Security experts have been warning for years that the growing number of unsecured Internet of Things devices would bring a wave of unprecedented and catastrophic cyber attacks. Just last month, a hacker publicly released malware code used in a record-breaking attack that hijacked 1.5 million internet-connected security cameras, refrigerators, and other so-called “smart” devices that were using default usernames and passwords. On Friday, the shit finally hit the fan.
  • Once more, with passion: Fingerprints suck as passwords
    Fingerprints aren’t authentication. Fingerprints are identity. They are usernames. Fingerprints are something public, which is why it should really bother nobody with a sense of security that the FBI used them to unlock seized phones. You’re literally leaving your fingerprints on every object you touch. That makes for an abysmally awful authentication token.
  • Strengthen cyber-security with Linux
    Using open source software is a viable and proven method of combatting cyber-crime. It’s encouraging to read that the government understands the seriousness of the loss of $81 million dollars via the hacking of Bangladesh Bank, and that a cyber-security agency is going to be formed to prevent further disasters. Currently, information security in each government department is up to the internal IT staff of that department.
  • Canonical announces live kernel patching for Ubuntu
    Canonical, the company behind the Ubuntu GNU/Linux distribution, has announced that it will provide a live kernel patching service for version 16.04, which was released in April.
  • Everything you know about security is wrong
    If I asked everyone to tell me what security is, what you do about it, and why you do it, I wouldn't get two answers that were the same. I probably wouldn't even get two that are similar. Why is this? After recording Episode 9 of the Open Source Security Podcast I co-host, I started thinking about measuring a lot. It came up in the podcast in the context of bug bounties, which get exactly what they measure. But do they measure the right things? I don't know the answer, nor does it really matter. It's just important to keep this in mind as in any system, you will get exactly what you measure. [...] If you have 2000 employees, 200 systems, 4 million lines of code, and 2 security people, that's clearly a disaster waiting to happen. If you have 20, there may be hope. I have no idea what the proper ratios should be; if you're willing to share ratios with me I'd love to start collecting data. As I said, I don't have scientific proof behind this, it's just something I suspect is true.
  • Home Automation: Coping with Insecurity in the IoT
    Reading Matthew Garrett’s exposés of home automation IoT devices makes most engineers think “hell no!” or “over my dead body!”. However, there’s also the siren lure that the ability to program your home, or update its settings from anywhere in the world, is phenomenally useful: for instance, the outside lights in my house used to depend on two timers (located about 50m from each other). They were old, loud (to the point the neighbours used to wonder what the buzzing was when they visited) and almost always wrongly set for turning the lights on at sunset. The final precipitating factor for me was the need to replace our thermostat, whose thermistor got so eccentric it started cooling in winter; so away went all the timers and their loud noises and in came a z-wave based home automation system, and the guilty pleasure of having an IoT based home automation system. Now the lights precisely and quietly turn on at sunset and off at 23:00 (adjusting themselves for daylight savings); the thermostat is accessible from my phone, meaning I can adjust it from wherever I happen to be (including Hong Kong airport when I realised I’d forgotten to set it to energy saving mode before we went on holiday). Finally, there’s waking up at 3am to realise your wife has fallen asleep over her book again and being able to turn off her reading light from your alarm clock without having to get out of bed … Automation bliss!

Microsoft Corruption, Rejections, and Struggles

  • Microsoft licensing corruption scandal in Romania has ended on October 3rd
    This scandal covers the buying of Microsoft licences for the Romanian administration from 2004 to 2012 for a total of 228 million USD. During the investigation it was found that more than 100 people, including former ministers, the mayor of Bucuresti and businessmen, are involved in this corruption scandal and that more than 20 million euro were paid as bribes.
  • 49ers Colin Kaepernick, Chip Kelly review Microsoft Surface tablets, which Bill Belichick is ‘done’ using
    Ranting about Microsoft’s unreliable, sideline tablets is not a top priority for 49ers coach Chip Kelly and quarterback Colin Kaepernick, not with a five-game losing streak in tow for Sunday’s game against the Tampa Bay Buccaneers. But both Kelly and Kaepernick confirmed this week that they’ve experienced problems with the Microsoft Surface tablets. They’re just not as fed up with them as New England Patriots coach Bill Belichick, who’s lambasted the imperfect technology for years and finally declared this week: “I’m done with the tablets.”
  • Windows: When no growth is an improvement
    Research firms like IDC and Gartner have continued to forecast contraction, not expansion, in the PC business. Only when enterprise migrations to Windows 10 kick into gear do analysts see a reversal of the industry’s historic slump. That isn’t expected to happen until next year.

Parsix GNU/Linux 8.10 "Erik" & 8.15 "Nev" Receive Latest Debian Security Updates

After releasing the first Test build of the upcoming Parsix GNU/Linux 8.15 "Nev" operating system a couple of days ago, today, October 23, 2016, the Parsix GNU/Linux development team announced the availability of new security updates for all supported Parsix GNU/Linux releases. Parsix GNU/Linux 8.10 "Erik" is the current stable release of the Debian-based operating system, and it relies on the Debian Stable (Debian GNU/Linux 8 "Jessie") software repositories. On the other hand, Parsix GNU/Linux 8.15 "Nev" is the next major version, which right now is in development, but it receives the same updates as the former.