Cybercrooks are becoming faster at utilising newly-discovered browser exploits. More than nine in ten of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, according to a survey by IBM's X-Force security division. The cyber-threat survey, which looked closely at information security …
for those of us
who are tech savvy, is now the time to become a crim??
Only an American company could have come up with that.
no firefox plugin exploits?
The report points to browser plugins as the main source for vulnerabilities,
To my surprise they report NO vulnerabilities for firefox XPI plugins (against 73 high priority ActiveX plugin vulnerabilities for IE).
Anyone got an idea what the reason might be?
@for those of us
These 'crims' are highly structured organisations, each member has a specialised role, and does not go outside his/her remit. For instance the people you'd contact to rent/buy zombies, are just "salesmen", they had nothing to do with spreading of the malware. In the same respect the programmers/exploit writers will have nothing to do with the sales process, and in most cases will have no involvement after infection, as consolidation would be another, distinct job.
Make no mistake, these are highly organised, well funded and well connected people we're talking about.
These organisations bear more resemblance to small multinational corporations than to the social networks of misunderstood teenagers from the old school of hacking. The vast majority of the malware/fraud groups are based out of Russia and China, but with people the world over working for them, they are truly international.
So, the simple answer is no. Unless you have prior dealings with these people (and have something to offer), you will have no luck going into direct competition. They are now, in every sense of the word, professionals, and they WILL do their job better than you.
The new stuff is actually harder to block with a simple filter - I already reject most stuff containing HTML, which takes out the image spam and usually the attachments because they're usually accompanied by a bit of HTML to encourage automatic display. A few words and a URL are much harder to trap, apart from the fact that many of the URLs are usually for domains less than a month old and are so amenable to a whois check on the age (except that whois servers get upset if you hit them too often - perhaps a wake-up call to registrars to police spam domains a bit more actively).
>Anyone got an idea what the reason might be?
Simple, Firefox has such a small user base that it's not worth bothering with.
How I would love to find whoever originated all these cheesy "CYBER-" words and shake them till their teeth fall out. It may have been cool in the 1970s, but so were kipper ties and PDP-11s. Bah, humbug.
no firefox plugin vulnerabilities
Well there are 8 firefox browser vulnerabilities against 6 for IE in the report, so that can't be the reason.
> Simple, Firefox has such a small user base that it's not worth bothering with.
>>Anyone got an idea what the reason might be?