Drive-by Trojans exploit browser flaws

Trojans - malicious programs that pose as benign apps - are usurping network worms to become the greatest malware menace. Sixteen of the 50 most frequent malicious code sightings reported to Symantec in the second half of 2004 were Trojans. In the first six months of last year, Trojans accounted for just eight of the top 50 malicious code reports.

Symantec blames Trojans for an upsurge in client-side exploits for web browsers. Trojans create the means to deliver malicious code onto vulnerable Windows PCs. Browsers are the primary target, but flaws in email clients, peer-to-peer networks, instant messaging clients, and media players can also be exploited in this way.

Between July and December 2004 Symantec documented 13 vulnerabilities affecting Internet Explorer and 21 vulnerabilities affecting each of the Mozilla browsers. Six vulnerabilities were reported in Opera and none in Safari.

Of the 13 vulns affecting IE in 2H04, nine were classified as "high severity". Of the 21 vulnerabilities affecting the Mozilla browsers, Symantec classified 11 as "high severity". Firefox users enjoyed an easier ride, with just seven "high severity" vulns affecting the browser over the report period.

Symantec says there have been few attacks in the wild against Mozilla, Mozilla Firefox, Opera, or Safari, but the jury is still out on whether these browsers represent a more secure alternative to IE.

Nigel Beighton, Symantec’s director of enterprise strategy, EMEA, told El Reg that choice of browser is less important than activating seldom-used security zones features to limit exposure. "If you don't set trusted sites and stick by default browser security it's like surfing everywhere on the net with your wallet open," he said.

Symantec's Internet Threat Report, published Monday (21 March), brings together data gleaned from the security firm's SecurityFocus and managed security services division. The report found that the financial services industry was the most frequently targeted sector in internet attacks, followed by hi-tech and pharmaceutical firms. "Attacks are becoming more targeted and specific," said Beighton.

For the third straight reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack (formerly referred to as the Slammer Attack) was the most common attack, used by 22 per cent of all attackers. Organisations reported 13.6 attacks per day, up from 10.6 in the previous six months. The United States continues to be the top country of attack origin, followed by China and Germany.

Variants of NetSky, MyDoom, and Beagle dominated the top ten malicious code samples in the second half of 2004. Symantec documented more than 7,360 new Win32 viruses and worms, 64 per cent up on the first half of the year. Two bots (malicious code that turns infected PCs into zombies under the command of hackers) were present in the top ten malicious code samples, compared to one in the previous reporting period. There were 21 known samples of malicious code for mobile applications, up from one in June 2004.

Symantec also noted a marked rise in email scams over the second half of 2004. The firm's BrightMail anti-spam filters blocked an average of 33 million phishing emails a week in December 2004 compared to nine million a week in July 2004.

Symantec documented 1,403 new vulnerabilities in the second half of 2003, up 13 per cent from the first six months of last year. The vast majority (97 per cent) of the vulns recorded between July and December 2004 were either moderate or high risk.

In addition, over 70 per cent of these security flaws could be exploited using readily available tools or without the need for any attack code. The time between the disclosure of a vulnerability and the release of an associated exploit increased from 5.8 to 6.4 days.

Continuing a recent trend, web applications were a particular source of security problems. Almost half - 670 of 1,403 - of the security bugs logged by Symantec in 2H04 affected web applications. ®
