
Drive-by Trojans exploit browser flaws


Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. Sixteen of the 50 most frequent malicious code sightings reported to Symantec in the second half of 2004 were Trojans. In the first six months of last year, Trojans accounted for just eight of the top 50 malicious code reports.

Symantec blames Trojans for an upsurge in client-side exploits for web browsers. Trojans create the means to deliver malicious code onto vulnerable Windows PCs. Browsers are the primary target, but flaws in email clients, peer-to-peer networks, instant messaging clients, and media players can also be exploited in this way.

Between July and December 2004 Symantec documented 13 vulnerabilities affecting Internet Explorer and 21 vulnerabilities affecting each of the Mozilla browsers. Six vulnerabilities were reported in Opera and none in Safari.

Of the 13 vulns affecting IE in 2H04, nine were classified as "high severity". Of the 21 vulnerabilities affecting the Mozilla browsers, Symantec classified 11 as "high severity". Firefox users enjoyed an easier ride, with just seven "high severity" vulns affecting the browser over the report period.

Symantec says there have been few attacks in the wild against Mozilla, Mozilla Firefox, Opera, or Safari, but the jury is still out on whether these browsers represent a more secure alternative to IE.

Nigel Beighton, Symantec’s director of enterprise strategy, EMEA, told El Reg that choice of browser is less important than activating seldom-used security zones features to limit exposure. "If you don't set trusted sites and stick by default browser security it's like surfing everywhere on the net with your wallet open," he said.

Symantec's Internet Threat Report, published Monday (21 March), brings together data gleaned from the security firm's SecurityFocus and managed security services division. The report found that the financial services industry was the most frequently targeted sector in internet attacks, followed by hi-tech and pharmaceutical firms. "Attacks are becoming more targeted and specific," said Beighton.

For the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly referred to as the Slammer Attack) was the most common attack, used by 22 per cent of all attackers. Organisations reported 13.6 attacks per day, up from 10.6 in the previous six months. The United States continues to be the top country of attack origin, followed by China and Germany.

Variants of NetSky, MyDoom, and Beagle dominated the top ten malicious code samples in the second half of 2004. Symantec documented more than 7,360 new Win32 viruses and worms, 64 per cent up on the first half of the year. Two bots (malicious code that turns infected PCs into zombies under the command of hackers) were present in the top ten malicious code samples, compared to one in the previous reporting period. There were 21 known samples of malicious code for mobile applications, up from one in June 2004.

Symantec also noted a marked rise in email scams over the second half of 2004. The firm's BrightMail anti-spam filters blocked an average of 33 million phishing emails a week in December 2004 compared to nine million a week in July 2004.

Symantec documented 1,403 new vulnerabilities in the second half of 2003, up 13 per cent from the first six months of last year. The vast majority (97 per cent) of the vulns recorded between July and December 2004 were either moderate or high risk.

In addition, over 70 per cent of these security flaws could be exploited using readily available tools or without the need for any attack code. The time between the disclosure of a vulnerability and the release of an associated exploit increased from 5.8 to 6.4 days.

Continuing a recent trend, web applications were a particular source of security problems. Almost half - 670 of 1,403 - of the security bugs logged by Symantec in 2H04 affected web applications. ®
