
Drive-by Trojans exploit browser flaws

Filed under
Security

Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. Sixteen of the 50 most frequent malicious code sightings reported to Symantec in the second half of 2004 were Trojans. In the first six months of last year, Trojans accounted for just eight of the top 50 malicious code reports.

Symantec blames Trojans for an upsurge in client-side exploits for web browsers. Trojans create the means to deliver malicious code onto vulnerable Windows PCs. Browsers are the primary target, but flaws in email clients, peer-to-peer networks, instant messaging clients, and media players can also be exploited in this way.

Between July and December 2004 Symantec documented 13 vulnerabilities affecting Internet Explorer and 21 vulnerabilities affecting each of the Mozilla browsers. Six vulnerabilities were reported in Opera and none in Safari.

Of the 13 vulns affecting IE in 2H04, nine were classified as "high severity". Of the 21 vulnerabilities affecting the Mozilla browsers, Symantec classified 11 as "high severity". Firefox users enjoyed an easier ride, with just seven "high severity" vulns over the report period.

Symantec says there have been few attacks in the wild against Mozilla, Mozilla Firefox, Opera, or Safari, but the jury is still out on whether these browsers represent a more secure alternative to IE.

Nigel Beighton, Symantec's director of enterprise strategy, EMEA, told El Reg that choice of browser is less important than activating the seldom-used security zone features to limit exposure. "If you don't set trusted sites and stick by default browser security it's like surfing everywhere on the net with your wallet open," he said.
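An added audit script, not from the article or from Symantec, for the security-zone settings Beighton refers to: it reports each Internet Explorer zone's level for the current user and lists any per-site zone assignments (the "trusted sites"). It assumes the standard `Internet Settings\Zones` and `ZoneMap\Domains` registry layout and the documented zone ids and `CurrentLevel` values; the Medium-high baseline it flags against is this script's own choice.

```powershell
# Added example: audit the current user's IE security zones (defender-side check).
# Assumed layout: HKCU\...\Internet Settings\Zones\<id>\CurrentLevel and
# HKCU\...\Internet Settings\ZoneMap\Domains\<domain>[\<host>]\<scheme> = <zone id>.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames  = @{ 0 = 'Local Machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$levelNames = @{ 0x20000 = 'Low'; 0x10500 = 'Medium-low'; 0x10000 = 'Medium'; 0x11000 = 'Medium-high'; 0x12000 = 'High' }
$baseline = 0x11000   # flag the Internet zone if it is weaker than Medium-high (assumed baseline)

# 1. Security level of each zone.
foreach ($id in 0..4) {
    $key = Join-Path $base "Zones\$id"
    if (-not (Test-Path $key)) { continue }
    $level = (Get-ItemProperty -Path $key -Name CurrentLevel -ErrorAction SilentlyContinue).CurrentLevel
    $name = 'not set'
    if ($null -ne $level) {
        $name = if ($levelNames.ContainsKey([int]$level)) { $levelNames[[int]$level] } else { 'custom (0x{0:X})' -f [int]$level }
    }
    $flag = ''
    if ($id -eq 3 -and $null -ne $level -and [int]$level -lt $baseline) { $flag = '   <-- Internet zone below Medium-high' }
    '{0,-16} {1}{2}' -f $zoneNames[$id], $name, $flag
}

# 2. Sites the user has explicitly assigned to a zone (2 = Trusted, 4 = Restricted).
$domains = Join-Path $base 'ZoneMap\Domains'
if (Test-Path $domains) {
    $prefix = (Get-Item $domains).Name + '\'
    Get-ChildItem -Path $domains -Recurse | ForEach-Object {
        $entry = $_
        # Keys may be nested (host under domain); rebuild the FQDN from the key path.
        $parts = $entry.Name.Substring($prefix.Length) -split '\\'
        [array]::Reverse($parts)
        $fqdn = $parts -join '.'
        foreach ($scheme in $entry.GetValueNames()) {
            $zone = [int]$entry.GetValue($scheme)
            '{0,-16} {1}://{2}' -f $zoneNames[$zone], $scheme, $fqdn
        }
    }
} else {
    'No per-site zone assignments: every site is handled by its default zone.'
}
```

An empty second section means no trusted sites have been set, which is the "default browser security" the article warns about.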

Symantec's Internet Threat Report, published Monday (21 March), brings together data gleaned from the security firm's SecurityFocus and managed security services divisions. The report found that the financial services industry was the most frequently targeted sector in internet attacks, followed by hi-tech and pharmaceutical firms. "Attacks are becoming more targeted and specific," said Beighton.

For the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly referred to as the Slammer Attack) was the most common attack, used by 22 per cent of all attackers. Organisations reported 13.6 attacks per day, up from 10.6 in the previous six months. The United States continues to be the top country of attack origin, followed by China and Germany.

Variants of NetSky, MyDoom, and Beagle dominated the top ten malicious code samples in the second half of 2004. Symantec documented more than 7,360 new Win32 viruses and worms, 64 per cent up on the first half of the year. Two bots (malicious code that turns infected PCs into zombies under the command of hackers) were present in the top ten malicious code samples, compared to one in the previous reporting period. There were 21 known samples of malicious code for mobile applications, up from one in June 2004.

Symantec also noted a marked rise in email scams over the second half of 2004. The firm's BrightMail anti-spam filters blocked an average of 33 million phishing emails a week in December 2004, compared to nine million a week in July 2004.

Symantec documented 1,403 new vulnerabilities in the second half of 2003, up 13 per cent from the first six months of last year. The vast majority (97 per cent) of the vulns recorded between July and December 2004 were either moderate or high risk.

In addition, over 70 per cent of these security flaws could be exploited using readily available tools or without the need for any attack code. The time between the disclosure of a vulnerability and the release of an associated exploit increased from 5.8 to 6.4 days.

Continuing a recent trend, web applications were a particular source of security problems. Almost half - 670 of 1,403 - of the security bugs logged by Symantec in 2H04 affected web applications. ®

