back to article Seeking web security, exploit operators prefer Firefox

Criminals running websites that push drive-by exploits overwhelmingly prefer the Firefox browser, according to a researcher who spent the past three months surveilling their browsing habits. Mozilla's Firefox was used by 46 per cent of the exploit kit operators who were tracked in the study, according to Paul Royal, principal …


This topic is closed for new posts.
  1. Anonymous Coward

    missed opportunities

    can we get a link to the report/source article?

    1) code injection to a hackers system.

    <tab> possible id? forward to authorities? pipe all his interwebs through "upside-down-ternet"? Yes, the legalities would be questionable, but the researchers have already crossed a very definate line by running code on the remote (skiddie) system

    2)assumtion that miscreant isnt using a proxy?

    <tab> I know that tor sites javascript as being unsafe, but having *all* trafic going though a transparent proxy would make it safer... however, i do see that the kind of people who enable javascript by default are definately the "low hanging fruit" in such cases (or maybe its enabled because it appears to be coming from a trusted source? ).

    3)id be interested to know whether the info leak was from a http header, as these can be forged (opera uses this legitimately to stop sites claiming they are imcompatible)

    4) erm perhaps this should be 1) isnt executing code in a log file a pretty serious vuln?

    <tab> see also 2) ("low hanging fruit")

    darn it stream of consciousnes post!!!one

  2. 2FishInATank


    Might this story be better summarised as 'exploit site operators not quite dumb enough to use entirely insecure browsers'?

    So 6.9 of the 15 operators use Firefox and a whopping 1.95 of them use version 3.5.

    As a fan of Opera, I feel somewhat obliged to give kudos to the 3.9 ops who share my browser preference.

    What browser(s) do the other 4.2 miscreants use? I would be oddly pleased to hear that it's IE5.5, but somehow I doubt it.

    Has Mr Royal heard of the law of small numbers perchance? 15 sites really isn't enough to draw any valid conclusions whatsoever.

    I for one welcome our statistically inept, "SaaS-based secure Web gateway"(*) punting principal, wait - the other thing...

    (*) - source:

  3. Anonymous Coward
    Anonymous Coward

    Breaking news: Tech savvy users like firefox!

    Stay tuned for the weather at 10.

  4. Anonymous Coward
    Anonymous Coward


    The security-through-obscurity excuse doesn't wash. The fact is that their main choice is Firefox and that is a mainstream browser.

    They're choosing Opera simply because, by definition, they're more technically savvy users who make more informed decisions about their choice of browser than the average clueless 'blue e' user or herd-follower, about which browser is best for them.

    I'm sure burglars choose specific locks for their own windows and doors for the same reasons - they want the ones they know to work, not the ones they know no the average home owner has heard of.

    Also is there a geographic angle to this? is a notable proportion of those surveyed from Russia or Eastern Europe? I'd expect a higher proportion of Opera users in the general population there, so it's bound to be reflected in the stats for 1337 h4x0r5 too.

  5. ElReg!comments!Pierre Silver badge

    Bear hygiene and Vatican religious habits

    A particular sub-population of tech-savvy people don't fall for the blue e.


    Rather obvious aint it?

    In other news, " most firefighters don't throw lit matches in the paper bin"

  6. Anonymous Coward
    Anonymous Coward

    wait....this study is based on a sample size of 15?

    c'mon. they couldn't find more than 15 of these exploit kits? I'd hardly call that enough information to draw meaningful conclusions.


  7. wim


    Is getting slower every time.

    And after updating it informs me that my plugins are not going to work with the new version.

    It would have been nice to inform me upfront so I could choose not to update.

    ah guess I have to figure out a way to get the old version back on my pc.

  8. deegee

    ie for me, see?

    There is nothing [much] wrong with IE security if you set it up properly.

    The problem is just that it is configured out-of-the-box with mediocre security settings, and too many people install every useless plugin that pops up a prompt on their screen.

    Tweak up the default security level, add your pr0n domains into the restricted sites zone, kill [disable] the useless plugins, run your user account as standard user, ...

    One thing I wish MS would do with IE's right-click "Open in new tab/window" is add "Open in new tab in restricted zone".

    Regarding the other browsers, FF is my second. GC is just too thin. And O simply runs horrible on my Atom surfing system.

  9. Paul 129

    Garbage in garbage out

    You cant disguise a polished turd. This just goes to show that there are varying levels of stupidity on the net. The one dispensing the report of those stupid enough not to cover their tracks, and the register for buying into this pile of steaming rubbish.

  10. Steve Davies 3 Silver badge

    @By Wim & Firefox

    You could have checked that your plugins were supported BEFORE you upgraded. The versions of the browser they support is there on the plugin site.

    Mines the one with 'Stating the Obvious' on the back.

  11. Gordon is not a Moron

    Yes, but

    "46 per cent of the exploit kit operators who were tracked in the study"

    What I want to know is, what browser were the people that couldn't be tracked using?

  12. Anonymous Coward

    To all those who are saying that they're tech savvy haxors

    Ummm... The let injected javascript run from the log analysis... they're NOT tech savvy; they're muppets who are following their own herd (other haxors)

  13. Crazy Operations Guy Silver badge

    Script Kiddies...

    Any mal-ware author worth their salt would:

    1) Write their own exploits and avoid using a pre-made kit (Or are the ones writing the kits)

    2) Will write their own browser

    3) Have their browsers report the wrong version info anyway to prevent infection

  14. Anonymous Coward
    Anonymous Coward


    Is that a statistically meaningful sample? My fuzzy memory of the joy of confidence tests and the like says "No".

    Anyway, Firefox is mainstream these days. I these l33t h4x0r5 really are tech savvy they'll be using more obscure browsers (e.g. Konqueror), agent switching, proxies yadda-yadda-yadda. All which render these "stats" thoroughly useless.

  15. John Redbook

    I can't believe it's not Internet Explorer.

    I'm more interested by this.. "Royal was able to monitor the browser, IP address, and in some cases operating system of many of the operators of these sites by sneaking a line of JavaScript into the referrer fields of browsers he had visit the site. When the webmasters viewed the logs, their browsers secretly visited a website under his control".

    Can anybody explain in more detail?

  16. Anonymous Coward

    Firefox doesn't auto-cripple you


    What's so difficult about this?

    Options > Advanced > Update

    When updates to Firefox are found:

    ( ) Ask me what I want to do

    (*) Automatically download and install the update

    [x] Warn me if this will disable any of my add-ons

    All previous versions are available for download from the Mozilla site.

  17. Anonymous Coward
    Anonymous Coward

    Not a small sample

    @2FishInATank I was at first confused as you are - but the researchers were reading the *logs* of 15 sites; as a bonus, they got some info about the how the site admin was accessing the log (hence the country info).

    The JavaScript log exploit is the most interesting thing about this article, isn't it?

  18. Matt 21


    "When the webmasters viewed the logs, their browsers secretly visited a website under his control."

    Very little chance of this unless they were idiots! Most people I know download the logs and view them as text files or logon to the server and loo, at them in vi. I've never come across a log analyser which would get tripped over by this either.

  19. TeeCee Gold badge


    Actually, they were *all* using IE5.5, but some of them were l33t enough to hack the browser ID string.........

  20. Don Mitchell

    Browsers all a mixed bag

    I've used IE, FIrefox and Opera fairly extensively. They all have good and bad points. As far as security goes, I believe the problem with IE is the more about numbers of hackers targetting it than about innate security of the software.

    FIrefox is slow, despite all the javascript benchmarks people love to show, clearly that is not the important statistic. It's slow. And it looks worse than any other browser with its crappy FreeType fonts, often selecting the wrong fonts, and rendering with aliasing ("jaggies").

    I want to like Opera, they have been so innovative, but it seems to poop out on some very complex websites like Facebook -- which says something about the browser and about FB.

    IE has the most impressive display loop programming of any browser, it renders fast and it scan converts to subpixel accuracy on LCD displays. That makes it the most readable browser. But I don't understand why they don't use their own JIT compiled .NET javascript engine in IE. And like Firefox, IE can get bogged down and destablized by third party addon crapware.

  21. The Other Steve

    @Matt 21

    "or logon to the server and loo, at them in vi."

    Firstly, only the truly clueless use vi, it is the suckiest text editor on the planet, bar none.

    Secondly, an _editor_ is not the correct tool for viewing log files.

    Thirdly, if you analyse your log files using your eyeballs, you've missed almost everything they have to tell you.

    Epic fail.

  22. Anonymous Coward
    Anonymous Coward


    The data for this study was obtained by hacking, right?

    I think that guy should be prosecuted,

  23. Laurence Parry

    Simple reason for Opera . . .

    Half the operators are from Russia. It's equally popular with other browsers there, or perhaps moreso.

  24. Quirkafleeg

    Re: Browsers all a mixed bag

    “Firefox is slow”

    It's generally fast enough, I find.

    “And it looks worse than any other browser with its crappy FreeType fonts, often selecting the wrong fonts, and rendering with aliasing ("jaggies").”

    font.antialias.min=1 fixes the jaggies, though why this option exists at all I don't know (it should implicitly be 0). As for the rest, that _should_ be a matter of what fonts are installed.

  25. Femacamper

    This is news?

    And in other news, computer hackers are known to use Linux...

  26. This post has been deleted by a moderator

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019