Slashdot Mirror

← Back to Stories (view on slashdot.org)

Criminals Prefer Firefox, Opera Web Browsers

Posted by CmdrTaco on from the choosy-criminals-choose-chimera dept.

An anonymous reader writes "Security researchers at Purewire have leveraged vulnerabilities in malware infrastructure to track the criminals behind it. In a three-month long project, they used security flaws in exploit kits to get operators to expose themselves (Obnoxious interstitial ad between link and content) when they access the kits' admin control panels. Data collected shows that 50% of those tracked use Firefox, while 25% use Opera."

33 of 172 comments (clear)

  1. Public Exposure by Psychotria · · Score: 3, Funny

    I am not sure that I would have liked seeing the operators expose themselves.

  2. So the story is.. by Anonymous Coward · · Score: 5, Insightful

    crim.. *cough* technically inclined people tend to use firefox and opera rather than IE.
    Shocking!

    1. Re:So the story is.. by gmuslera · · Score: 4, Insightful

      A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers". Not sure how much technically inclined they are (not sure if there are a black market of plug-and-exploit-for-dummies kits), but they are aware of how much damage can be done to whoever (including them) using those vulnerable browsers.

    2. Re:So the story is.. by linear+a · · Score: 5, Insightful

      Close. Hackers know better than to use IE for all the obvious reasons nobody else should use it.

  3. Does that make me a criminal? by MartinSchou · · Score: 4, Insightful

    I prefer Opera myself - does that now incriminate me? Or does it merely show that these criminals are security conscientious and knows that using IE on the type of websites they probably frequent would be like throwing stones at bees nests?

    They did neglect to mention the most frequently used operating system. If it's equally divided between Linux, OS X and Windows it'd be hard for Internet Explorer to get beyond 33% to begin with.

    1. Re:Does that make me a criminal? by Jurily · · Score: 4, Insightful

      The classic difference between correlation and causation.

      Also, people who think about security much use secure browsers! Think of the children!

    2. Re:Does that make me a criminal? by Jurily · · Score: 4, Funny

      What article? I only read the comments.

  4. Bad Numbers in Summary by joeflies · · Score: 4, Informative

    Actually the article says 46% Firefox and 26% Opera. Did the submitter really need to round the numbers for the article summary, when more accurate numbers would be more meaningful?

    If it was really 50%/25%, I'd suspect a low sample size, i.e. 1 IE user, 2 Firefox users, and 1 Opera user.

  5. First-hand experience by peipas · · Score: 5, Funny

    The guy who took the phone off my lap on the train uses Firefox as well. Right?

    What's next, golfers prefer cars that cost more than $100,000?

    Give me a break.

    1. Re:First-hand experience by drinkypoo · · Score: 5, Funny

      Brilliant comment; car analogy, sports reference, syntactically and logically correct. Extra points for engaging both the downtrodden masses and the wealthy ("Hey, I play golf, and I drive a Bentley! This guy is a genius!")

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. Gotta love statistics by Idimmu+Xul · · Score: 5, Insightful

    What does this article even mean?

    Tech savvy IT security enthusiasts prefer alternative browsers to Internet Explorer?
    Criminals prefer Firefox?
    Firefox users have criminal tendancies?
    Firefox encourages exploitation of inferior browsers?

    Or, Internet Explorer sucks.

    What.

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
    1. Re:Gotta love statistics by Xenographic · · Score: 4, Insightful

      > What does this article even mean?

      People who write exploits know how to prevent themselves from getting exploited? (i.e. Don't use IE.)

      Of course, it's not as simple as merely choosing a good browser, but that's a starting place.

    2. Re:Gotta love statistics by swillden · · Score: 4, Insightful

      What does this article even mean?

      Easy: This article means that this set of computer criminals primarily uses Firefox and Opera.

      The problem with statistics isn't with statistics, it's with people drawing conclusions unsupported by the statistics.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Gotta love statistics by Nethemas+the+Great · · Score: 3, Funny

      In other news, it has been reported that 98% of persons on death-row in prison have eaten a tomato at least once in their life where as only 5% report having eaten horse meat...

      --
      Two of my imaginary friends reproduced once ... with negative results.
    4. Re:Gotta love statistics by WarpCode · · Score: 4, Funny

      Its a Microsoft marketing gimmick to make law abiding citizens switch back to IE so that they wont turn into criminals.

      Criminals use firefox. Firefox turns its users into criminals. Dont want to be a criminal? Switch back to IE and be a good person!

  7. Fireofx is that good by Dayofswords · · Score: 3, Informative

    computer people use Firefox because they know its good, others use IE because its all they know that exists

    --
    Someday we'll hit the human carrying capacity. And the band will just play on.
  8. Re:What do you mean? by MichaelSmith · · Score: 4, Insightful

    Is it the mouse-clicking or the keyboard-typing that requires more technical capability while using Firefox or Opera rather than IE?

    Knowing about them.

    --
    http://michaelsmith.id.au
  9. Dubious logic? by Johnny+Loves+Linux · · Score: 5, Insightful

    Interestingly, Opera, which by some measures has only a 2 per cent market share, ranked second among the kit operators, with 26 per cent. "I think that's probably because operators have a familiarity with the web threat landscape," Royal told The Register, suggesting that many black-hat hackers take a security-through-obscurity approach to making sure they themselves don't get hit. "It makes them wary of using mainstream browsers."

    Huh, and here I was thinking that maybe, just maybe, these hackers knew the security history of the various browsers and knew that Opera had a better security history than Internet Explorer?

  10. Firefox is safe by DigiShaman · · Score: 4, Funny

    One out of two criminals agree. Certifiably badass!

    --
    Life is not for the lazy.
  11. Obnoxious intersitial ad? by Anonymous Coward · · Score: 3, Insightful

    Wow! No wonder it is so difficult to make money publishing on the Internet. Even an ad that goes away after a timeout, or can be skipped with a single click, creates angst amongst those who hold that information wants to be free. /. editors don't accept stories that include links to content behind paywalls, even if the information is really relevant to the /. community. Post a link to an article requiring registration and someone will copy the article and paste it as a comment (which seems like a pretty clear copyright violation). And now warnings are being given because someone out there is actually paying for the content that /. readers want to look at. Go ahead and mod this down troll/flamebait/overrated...but dang this obsession with not having to pay for any content, either in terms of dollars, registration, some time, or an extra mouse click, seems to be, well, obsessive!

    1. Re:Obnoxious intersitial ad? by falckon · · Score: 3, Insightful

      That may be so, but do you really think the value of that extra click is worth anything from a /. reader with this mindset. Next thing you know you'll be suggesting they should follow some of the ad links on the site, or buy some of the site's affiliate's products. This may even be enforced by having your affiliates track when each user visits their site or fills out some survey. Nevertheless, no matter what you do, people who believe that the web should be free will continue to believe so.

      There's also a greater cause being supported. Paywalls are not conducive to an enjoyable internet. It's similar to the radio where I used to be able to enjoy music throughout the day. Over time radio air-time has been increasingly filled with ads to the point that it's no longer enjoyable to listen to. If websites require more forced advertising it will get to the point that you are forced to see more advertisement content than what you actually wanted to read in a day.

  12. Maybe so by mysidia · · Score: 5, Insightful

    I'm reminded of an old observation: whenever ice cream sales rise, so do shark attacks. So does eating ice cream cause sharks to attack you? No.

    The observation that more Criminals prefer Firefox over IE, doesn't associate Firefox use with criminal behavior.

    It most likely just means that there is a common occurence that causes technically savvy computer users to prefer Firefox.

    People who build malware infrastructure are technically savvy, otherwise, they would not be able to understand and defeat technical security measures.

    Non-technically savvy users often use IE because they don't understand the alternatives.

    Also, they don't understand the weaknesses in IE's security defenses, the technical advantages of using Firefox (or Chrome) over IE, or the basic security principle that installing and using less-popular software (alternatives to the most popular option) means there are fewer people interested in devising a way to attack your software.

    Eg Opera is not a very ripe target that hackers are highly interested in attacking, because it has so few users, it's a low value target.

  13. What will come of this "news"? by EkriirkE · · Score: 3, Insightful

    Are we now to be harassed if badged-mongoloids see us on the internet and its not a blue "e" icon?
    Akin to this previous /. story where one of them saw a student using a CLI

    --
    from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
  14. I love the comments on... by vistapwns · · Score: 5, Interesting

    IE's lack of security being a reason for this. This is not true of recent versions of IE, and in fact, IE is sandboxed in recent versions of Windows, unlike FF and Opera. The Pwn2Own hacker winner rated it at 9/10 in security, and so on. I highly doubt this has anything to do with real security, more like hackers are faddish gullable kids who believe the "IE is teh insecure!" hype that the typical slashdotter believes. Ya mod me down, I don't care.

    --
    "...I think the Microsoft hatred is a disease." - Linus Torvalds
  15. So what is the IE %? by neonprimetime · · Score: 3, Interesting

    If FireFox 46, Opera 26, that is 72. does that mean IE is close to 28? or are there other browsers that take up the rest ... the story seemed to lack that info?

  16. Re:What do you mean? by Itninja · · Score: 4, Insightful

    FF or O don't require more technical skill, but people with more technical knowledge with usually opt to use them. For example, only a technically savvy person knows the dangers of allowing scripts to run without direct user permission. With FF one can get NoScript running in less than a minute. With IE, you might be able to cobble together some goofy proxy, but for the most part you are on your own.

    No one knows better than a scumbag malware distributor how to protect themselves online.

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
  17. Re:frist psot by telchine · · Score: 3, Insightful

    Data collected shows that 50% of those tracked use Firefox, while 25% use Opera

    Let me guess, they tracked 4 operators?

  18. opera in russia by shird · · Score: 4, Interesting

    I'm surprised Opera isn't more represented, given the number of Russian cyber-crimminals. Opera is quite widely used in Russia. Opera once did a random street sampling in the eastern bloc after Google's video of asking people "What is a browser" in New York Square (to which people replied "Google" or "Yahoo" etc). They found most people knew what it was and majority used Opera:
    http://my.opera.com/haavard/blog/2009/06/25/what-is-a-browser-russian-edition

    Which goes to show, those technically minded use Opera, which helps support my claims it is the better browser (for IT guys at least)

    --
    I.O.U One Sig.
  19. Re:Keep it in perspective... by John+Hasler · · Score: 4, Informative

    > Unless you count copyright violation, in which case everyone is guilty.

    Not true. In any case, copyright infringement is rarely a crime, at least in the USA.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  20. Think about it a moment. by Ungrounded+Lightning · · Score: 5, Insightful

    A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers".

    In particular:

    "People who create websites containing malware that takes over the browsing computer NEED to use a browser that is immune to their own takeover tools for their command-and-control console."

    Jeez. Think about it a moment. How the heck are they going to work on the thing if it eats their machine when they touch it?

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  21. Re:What do you mean? by REggert · · Score: 4, Interesting

    Less than a minute? Wow! That's almost as fast as the four seconds it takes in my browser!

    I've always been fascinated by the fact that disabling scripting in FireFox requires a plugin. In Opera, all you do is click a checkbox in a drop-down menu (or to do it per-site, a checkbox in a dialog window). The same goes for enabling/disabling plugins, applets, sound, cookies, animated images, popups (actually a set of radio buttons and not a checkbox), proxy servers, and sending referer information. It seems to me to be an excessive amount of work to have to install additional software just to get basic security features.

    And yes, I'm an Opera fanboy. ;-)

    --

    cp /dev/zero ~/signature.txt

  22. Re:frist psot by Runaway1956 · · Score: 3, Insightful

    Let's make asses of ourselves, and assume that the percentages would hold in larger samples. What would that tell us? Hmmmmmm. Maybe hackers know that FF and Opera are safer browsers than IE? Well, one has to ask, "Who would know better than a hacker?"

    Alright, we've been asses long enough. Shitcan the silly assumption....

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  23. Re:What do you mean? by Eravnrekaree · · Score: 3, Informative

    Actually you can at least when i used IE years ago, turn off the scripts. In fact, you can tell it to allow just scripts to run on certain pages but not others. On firefox? Cant do it without the plugin! Furthermore, IEs feature is a part of a security profiles feature which included a huge number of site features you could turn off, including many others like cookies. You would create a series of profiles, and then establish certain settings in that profile, then add websites to the profile. You could therefore control multiple things through the profiles. Cant do it with firefox. The noscript only covers js, so if you wanted to block cookies as well, youd have to create a completely seperate database of sites.