Criminals Prefer Firefox, Opera Web Browsers
An anonymous reader writes "Security researchers at Purewire have leveraged vulnerabilities in malware infrastructure to track the criminals behind it. In a three-month long project, they used security flaws in exploit kits to get operators to expose themselves (Obnoxious interstitial ad between link and content) when they access the kits' admin control panels. Data collected shows that 50% of those tracked use Firefox, while 25% use Opera."
Even more reason to outlaw that stuff.
I am not sure that I would have liked seeing the operators expose themselves.
crim.. *cough* technically inclined people tend to use firefox and opera rather than IE.
Shocking!
I prefer Opera myself - does that now incriminate me? Or does it merely show that these criminals are security conscientious and know that using IE on the type of websites they probably frequent would be like throwing stones at bees' nests?
They did neglect to mention the most frequently used operating system. If it's equally divided between Linux, OS X and Windows it'd be hard for Internet Explorer to get beyond 33% to begin with.
This is obvious. People implementing malware and running botnets are going to be more technically capable than most. The more technically capable you are, the more likely it is you'll use Firefox or Opera. No big deal.
Give me Classic Slashdot or give me death!
This just means that malware writers understand that Internet Explorer has more vulnerabilities to exploit, so they don't use it themselves.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
Actually the article says 46% Firefox and 26% Opera. Did the submitter really need to round the numbers for the article summary, when more accurate numbers would be more meaningful?
If it was really 50%/25%, I'd suspect a low sample size, i.e. 1 IE user, 2 Firefox users, and 1 Opera user.
The guy who took the phone off my lap on the train uses Firefox as well. Right?
What's next, golfers prefer cars that cost more than $100,000?
Give me a break.
Most computer skilled people prefer those same browsers. It's what I've got open at this moment, FF and Chrome.
Live to be Moderated
...and probably see better than other people if someone wants to sell them shit product (say IE) while they can get free one for free.
To break law and not get caught many times means you are smart. And smart people know when you try to force them to use crap browsers.
What does this article even mean?
Tech savvy IT security enthusiasts prefer alternative browsers to Internet Explorer?
Criminals prefer Firefox?
Firefox users have criminal tendencies?
Firefox encourages exploitation of inferior browsers?
Or, Internet Explorer sucks.
What.
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Is it the mouse-clicking or the keyboard-typing that requires more technical capability while using Firefox or Opera rather than IE?
computer people use Firefox because they know it's good, others use IE because it's all they know that exists
Someday we'll hit the human carrying capacity. And the band will just play on.
Of course they use non-IE browsers; they probably either spend considerable time exploiting IE, or at least are aware that IE is often exploited. I'm sure criminals who break into houses through open or poorly secured windows have wrought iron bars on all of their own.
It's nothing but crumpled porno and Ayn Rand.
Interestingly, Opera, which by some measures has only a 2 per cent market share, ranked second among the kit operators, with 26 per cent. "I think that's probably because operators have a familiarity with the web threat landscape," Royal told The Register, suggesting that many black-hat hackers take a security-through-obscurity approach to making sure they themselves don't get hit. "It makes them wary of using mainstream browsers."
Huh, and here I was thinking that maybe, just maybe, these hackers knew the security history of the various browsers and knew that Opera had a better security history than Internet Explorer?
One out of two criminals agree. Certifiably badass!
Life is not for the lazy.
Wow! No wonder it is so difficult to make money publishing on the Internet. Even an ad that goes away after a timeout, or can be skipped with a single click, creates angst amongst those who hold that information wants to be free. /. editors don't accept stories that include links to content behind paywalls, even if the information is really relevant to the /. community. Post a link to an article requiring registration and someone will copy the article and paste it as a comment (which seems like a pretty clear copyright violation). And now warnings are being given because someone out there is actually paying for the content that /. readers want to look at. Go ahead and mod this down troll/flamebait/overrated...but dang this obsession with not having to pay for any content, either in terms of dollars, registration, some time, or an extra mouse click, seems to be, well, obsessive!
Criminals are smarter than your average Joe Blow.
I'm reminded of an old observation: whenever ice cream sales rise, so do shark attacks. So does eating ice cream cause sharks to attack you? No.
The observation that more Criminals prefer Firefox over IE, doesn't associate Firefox use with criminal behavior.
It most likely just means that there is a common occurrence that causes technically savvy computer users to prefer Firefox.
People who build malware infrastructure are technically savvy, otherwise, they would not be able to understand and defeat technical security measures.
Non-technically savvy users often use IE because they don't understand the alternatives.
Also, they don't understand the weaknesses in IE's security defenses, the technical advantages of using Firefox (or Chrome) over IE, or the basic security principle that installing and using less-popular software (alternatives to the most popular option) means there are fewer people interested in devising a way to attack your software.
Eg Opera is not a very ripe target that hackers are highly interested in attacking, because it has so few users, it's a low value target.
Are we now to be harassed if badged-mongoloids see us on the internet and it's not a blue "e" icon?
Akin to this previous /. story where one of them saw a student using a CLI
from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
IE's lack of security being a reason for this. This is not true of recent versions of IE, and in fact, IE is sandboxed in recent versions of Windows, unlike FF and Opera. The Pwn2Own hacker winner rated it at 9/10 in security, and so on. I highly doubt this has anything to do with real security, more like hackers are faddish gullible kids who believe the "IE is teh insecure!" hype that the typical slashdotter believes. Ya mod me down, I don't care.
"...I think the Microsoft hatred is a disease." - Linus Torvalds
How many firefox/opera users are criminals? Probably a tiny, tiny percentage. Unless you count copyright violation, in which case everyone is guilty.
You see? You see? Your stupid minds! Stupid! Stupid!
If FireFox 46, Opera 26, that is 72. Does that mean IE is close to 28? Or are there other browsers that take up the rest ... the story seemed to lack that info?
Reminds me of when a botnet began creating spam product review requests on a website I operated. I analyzed the requests they used and rather than implementing a captcha, I was able to automatically flag messages containing a request which identified a Russian, Opera user-agent as spam and have them set aside for rapid processing. I could then download a weekly spreadsheet of the emails and messages and quickly determine each's legitimacy.
PS: I have never had a single visitor with the identical user-agent make a legitimate page request to that site.
So, anyone that doesn't use IE, congratulations! You might just be a criminal / terrorist!!! 8D
like any 733t H@ck3r would use Internet Explorer, and risk being kicked out of their group.
Did you check to see if they were even using Windows? Chances are if not then IE isn't even available to them, but Firefox and Opera are. Maybe that is because Firefox and Opera are cross platform and IE isn't (except for a Mac OSX port that is fugly, but then why install IE for OSX when Safari is way better?) available on Linux, BSD Unix, etc.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
I'm surprised Opera isn't more represented, given the number of Russian cyber-criminals. Opera is quite widely used in Russia. Opera once did a random street sampling in the eastern bloc after Google's video of asking people "What is a browser" in New York Square (to which people replied "Google" or "Yahoo" etc). They found most people knew what it was and majority used Opera:
http://my.opera.com/haavard/blog/2009/06/25/what-is-a-browser-russian-edition
Which goes to show, those technically minded use Opera, which helps support my claims it is the better browser (for IT guys at least)
I.O.U One Sig.
Not saying that all Russians are criminals, but there's a big population there, and yes there are many cybercriminals.... this might explain somewhat the Opera numbers.
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
could also read,
Criminals prefer body armor to paper mache.
They are using OperaTor cuz itz teh h4x
No really? Probably they don't want their precious botnets be taken over and used "by proxy" (in both senses, actually...).
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How do they test their activex exploits without using IE?
Water is wet, the sky is blue and we're all getting older.
"You know that Voight-Kampff test of yours... did you
ever take that test yourself?"
Silence.
"Deckard?"
A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers".
In particular:
"People who create websites containing malware that takes over the browsing computer NEED to use a browser that is immune to their own takeover tools for their command-and-control console."
Jeez. Think about it a moment. How the heck are they going to work on the thing if it eats their machine when they touch it?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
From the original article:
Royal was able to monitor the browser, IP address, and in some cases operating system of many of the operators of these sites by sneaking a line of JavaScript into the referrer fields of browsers he had visit the site. When the webmasters viewed the logs, their browsers secretly visited a website under his control.
Many, if not most of these crim... technically savvy people probably deactivate JavaScript, and the most convenient way to do it is NoScript on Firefox. Which means that these statistics only take into account browsers with JavaScript enabled, which, in turn, means that the share of Firefox is probably much greater than 46%. Those who used Firefox with NoScript simply weren't taken into account.
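The article passage quoted in the comment above describes a log viewer that renders a visitor-supplied Referer header as HTML. As an added example (not part of the thread or the article), here is that weakness from the panel owner's side: the unescaped rendering beside an output-encoded one, a triage check for markup in logged headers, and a restrictive Content-Security-Policy for the viewer page. All function names, hosts and log entries are constructed for illustration.

```javascript
// Added example: an admin log viewer that renders request headers as HTML.
// Function names, hosts and log entries below are constructed, not from the page.

// Encode the characters that let text break out of HTML content
// or out of a quoted attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: header values are concatenated into markup as-is,
// so whatever a visitor sent in Referer is parsed by the admin's browser.
function renderRowUnsafe(entry) {
  return "<tr><td>" + entry.ip + "</td><td>" + entry.referer +
         "</td><td>" + entry.userAgent + "</td></tr>";
}

// Hardened pattern: every request-derived field is encoded on output.
function renderRowSafe(entry) {
  const cells = [entry.ip, entry.referer, entry.userAgent].map(escapeHtml);
  return "<tr><td>" + cells.join("</td><td>") + "</td></tr>";
}

// Triage heuristic: a Referer or User-Agent that contains an HTML tag
// opener or a javascript: URL is not something a normal browser sends.
function looksLikeMarkup(value) {
  return /<\s*\/?\s*[a-z!]|javascript:/i.test(String(value));
}

function flagSuspicious(entries) {
  return entries.filter(
    (e) => looksLikeMarkup(e.referer) || looksLikeMarkup(e.userAgent)
  );
}

// Defence in depth for the viewer page: even if encoding is missed
// somewhere, the browser refuses inline script and scripts from other origins.
function viewerHeaders() {
  return {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
  };
}

// Constructed sample log: one ordinary visit, one with markup in Referer.
const SAMPLE_LOG = [
  { ip: "198.51.100.7",
    referer: "http://search.example/?q=shoes",
    userAgent: "Opera/9.64 (Windows NT 5.1; U; en)" },
  { ip: "203.0.113.9",
    referer: '<script src="http://tracker.example/t.js"></script>',
    userAgent: "Mozilla/5.0 (X11; U; Linux i686) Firefox/3.5.2" },
];

for (const entry of SAMPLE_LOG) {
  console.log(renderRowSafe(entry));
}
console.log("flagged:", flagSuspicious(SAMPLE_LOG).map((e) => e.ip));
```

Encoding at output time is the fix; the header check only helps spot that someone is probing the log viewer.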
"Of the 15 sites tracked, only two were hosted in the same country where their operator resided"
15 sites? That means that these amazing numbers are from a 15 point data sample? Are you kidding?
Also FF and O are also the most easily extensible. Meaning you can write your own scripts/software/addons/etc to help you screw up pages you visit.
So malware authors use these two browsers more than internet exploder? Fascinating.
Just for the record: "1 in 4 hackers use Opera" story is based on total global sample of 15 hackers... :-)
In God We Trust, Others We Monitor
Those who know how to use the net use Firefox or Opera.
browsers don't kill people, criminals kill people.
if we outlaw browsers.. how's that go?
Back in the day when I was in high school, I was accused of hacking the school's computers.
Why? 'cuz I was checking Enlightenment's website for updates. :p
Beautiful desktop = H4X! H4X I SAY!
Anyway, the moral of the story is people in power, be they librarians or police, generally are idiots when it comes to tech. And no, "But, but, you're in IT! They aren't! They don't know any better!" is no excuse when you're accusing people of shit.
Has no one realized that the investigator used a security hole? in FireFox? When is this hole going to be fixed?
Does this make me a criminal mastermind?
running under a VM.
New Economic Perspectives
You think that only FF can turn off js...why exactly?
One that hath name thou can not otter
I've always wondered if someone could make a browser just for hacking. Like display POST data in plain text and let you modify javascript commands and change true to false and send invalid form data anyway, etc. That would be so unbelievably valuable but as far as I know, it doesn't exist. Is it that it isn't feasible, and why has nobody ever done it?! Are rendering engines and javascript engines that hard to write from scratch? Wouldn't hackers just copy and modify existing engines?
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
Car thieves don't leave their keys in the ignition.
Lame. Sigh.
this research was somehow funded by microsoft ?
beware he who denies you access to information for in his mind, he already deems himself to be your master (SMAC-ish)
Indeed. TFA completely lacks content. The most interesting part is not about Fx/Opera usage (although Opera at 26% is very high), but what the other 28% are using. Safari? IE? Epiphany? Telnet?
Where's the source of TFA?
You, sir, need a larger sampling universe than just your mom. And given her universe-sized stank, that's one ho I'm gonna pass up on sampling.....
"No one knows better than a scumbag malware distributor how to protect themselves online." - by Itninja (937614) on Friday August 21, @07:24PM (#29152031) Homepage
That's not entirely true (though I do agree many of them KNOW WHAT THEY'RE DOING to a good extent, because they're no longer just "Script Kiddies", but instead, many are imo @ least, out of work software engineers, or those employed by "criminal interests" to do such bad things).
Anyone can learn how to secure a PC well, especially a Windows NT-based one of modern design (2000/XP/Server 2003 & even VISTA and beyond) though - As ANYONE can read this:
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA (& beyond), + make it "fun-to-do", via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=4dc38e5530ea768a24d8b9a145a2b493&showtopic=2662
----
Users who have applied it have seen NO "INFESTATIONS" for going on 2++ yrs. now for themselves & even their paying customers who had it applied to their systems, per this testimonial of such results:
----
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local" - THRONKA, user @ xtremepccentral.com -> http://www.xtremepccentral.com/forums/showthread.php?s=1316aff8cd028e1eda6006fa9bb30181&t=28430&page=3
----
As you can see? IT JUST WORKS!
That guide's crossed over 250,000++ views in 1++ yrs.' time online (& owns 17 of the TOP 20 in GOOGLE querying "HOW TO SECURE Windows 2000/XP"), & has usually been made a "Sticky/Pinned Thread" or "Essential Guide" & is in the topmost viewed in 15/20 forums it is on also, & many times rated very well by user commentary or "5 star ratings" etc. et al. such as here -> http://www.tcmagazine.com/forums/index.php?s=4dc38e5530ea768a24d8b9a145a2b493&showtopic=2662
NO MALWARE MAKER/DISTRIBUTOR HERE EITHER!
Fact is - I am a programmer/analyst-software engineer (& network admin) by trade, professionally, for 16++ yrs. now & who has been internationally published in this field 10x or more since 1996, plus, had my work & ideas do well @ MS Tech-Ed 2001 & 2002 to the tune of "FINALIST" position in the hardest category there, SQLServer Performance Enhancement (in addition to possessing multiple degrees in this art & science), & I know how it's done, as well as (or better than) many of these 'scumbags' you describe, which only makes sense:
The sad part? Those 'scumbags' are guys pretty much like myself - who are fairly well-versed in this science @ ALL LEVELS (network tech &/or coding), & are what I call "misguided" or as you say, just scumbags... ones that make the rest of us "techies/coders" look bad, in the eyes of others!
APK
P.S.=
"This was by design. Everything which could be moved to a plugin was. Of course, some things have slipped back into the browser, but the idea was to cut down the bloat." - by Philip_the_physicist (1536015) on Saturday August 22, @02:55AM (#29154011)
See subject-line above, & test for yourself - Opera can do javascript blocking, popup blocking, cookie blocking: AND ON A "PER-SITE BASIS", easily (via right-click on any website you wish & by setting "per site preferences", rather than GLOBAL ones only), & AS A "NATIVE BUILT-IN FEATURESET", not via addons (which only increase memory consumption & reduce browser speed (especially IF you load TOO MANY in FireFox, been there myself before is why I state that much))...
AND, Opera does so, with less memory consumption, by far (vs. FF or IE)... Here's what I see, on this note:
----
OPERA 10.10 BETA MEMORY FOOTPRINT (I use this, vs. Opera 9.6x - Working set, 1 tab open only, google main page):
24,488mb Working Set (via Process Explorer)
----
MICROSOFT INTERNET EXPLORER 8.x (Working set, 1 tab open only, google main page):
30,304mb Working Set (via Process Explorer)
----
MOZILLA MINEFIELD NIGHTLY BUILD (I use this vs. FF 3.52, & no addons loaded either, which would make this figure even MORE - Working set, 1 tab open only, google main page):
55,972mb Working Set (via Process Explorer)
----
"Read 'em & weep", I suppose... Opera does what the others do (& first, tabbed browsing anyone?), & for LESS... thus, "less IS truly MORE"...
NOW, as far as OVERALL web-browser performance? Opera "swept the floor" with the competition on THAT NOTE, as well, see here:
http://www.howtocreate.co.uk/browserSpeed.html
(Sure, Mozilla may have passed Opera in terms of JavaScript parsing speeds, but for years, it was NOT FASTER (Opera was)... but what is the gain there exactly? Since JavaScript's been shown to essentially be "the harbinger of doom" the past few years now in being the MAIN MALWARE DISTRIBUTION LAYER ONLINE in terms of bad adbanner code &/or malicious code on websites? Maybe it helps on ecommerce type pages or online banking page performance (where you actually absolutely NEED javascript running in order to use those types of pages), but, it only means it will get folks infected faster really... I don't understand this "web 2.0" craze, because they ought to fix the busted DOM in javascript first, before making javascript processing faster... imo, @ least!)
APK
P.S.=> Opera's also CONSISTENTLY led in less "known unpatched security vulnerabilities", per the stats kept by SECUNIA.COM, as follows (this is consistent for YEARS now no less, w/ Opera @ 0% most of the time, & FF + IE not @ 0% usually):
----
Vulnerability Report: Opera 9.x
http://secunia.com/advisories/product/10615/
0% (0 of 22 Secunia advisories)
----
Vulnerability Report: Mozilla Firefox 3.5.x
http://secunia.com/advisories/product/25800/
0% (0 of 2 Secunia advisories)
----
Vulnerability Report: Microsoft Internet Explorer 8.x
http://secunia.com/advisories/product/21625/
50% (2 of 4 Secunia advisories)
----
FireFox "surprises me", this round (usually, I found that FF has a couple over time usually (been doing posts like this one since 2005 here & elsewhere is why I state that) today... good job to the FF team (now, time to work on that memory footprint is all, so it's competitive w/ that of Opera), but, IE8 still has a couple outstanding (but, this is BETTER THAN USUAL for MS on this account)... so, they're ALL "getting better" on this front @ least! apk
Firefox user = criminal
Iceweasel user = poser?
My sig is better than your sig.
I read the parent posting as "They're using these browsers because they understand the risks and prefer a less vulnerable browser."
My reply was intended to be "Actually, it's that they have a specific NEED to be immune to the attacks as part of their operation: Their own malware would break them if they don't use a browser that's immune to it."
That's a very significant difference: Between preference and inherent requirement. TFA and many of the comments here are talking about preference, as if the malware authors were just using FF and Opera because, in their expert opinion they were cooler. I took the parent to be doing so as well. If I was mistaken then the post was indeed redundant.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
In other news, car thieves prefer exotic sports cars.
warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
...a guy by the name of Massad Ayoob wrote a book called "The Truth About Self-Protection." (http://www.amazon.com/Truth-About-Self-Protection/dp/0553195190) I recommend it highly, as one of the things he did was go over to the local prison and ask career criminals how they would go about protecting themselves from the same sort of people.
It's quite instructive.
Regards;
Criminals prefer cars to bicycles. Some even prefer the internet to the telephone. Most importantly they prefer the night to the day, as they are seedy folk after all.
You can lead a man with reason but you can't make him think.
"I want to be able to whitelist sites I trust and reject all other scripts from being run." - by Itninja (937614) on Saturday August 22, @07:02PM (#29158649) Homepage
See subject-line: Opera has that ability, "built-in natively from the 'get-go'"!
(That's easily done in OPERA, via GLOBALLY 1st disabling scripting (or other things too) for ALL sites first, & then setting a "per-site" basis 'whitelist' via right-clicking on any page you are on & using the popup menu entry to EDIT SITE PREFERENCES submenu item)
NoScript (a FireFox addon) allows for this, but, it's not a native feature in FireFox itself (you probably know this, but, never hurts to mention it, in case you do not).
APK
P.S.=> IE is the "weak link" in this, as you have to do as you stated in it... apk