Cybercrooks get faster, further and sneakier

Browser plug-ins flaws help hackers build botnets


Cybercrooks are becoming faster at utilising newly-discovered browser exploits. More than nine in ten of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, according to a survey by IBM's X-Force security division.

The cyber-threat survey, which looked closely at information security events that happened during the first half of 2008, also revealed that attacks targeting flaws in browser plug-ins are increasing in prevalence. In the first half of 2008, around 78 percent of web browser exploits targeted browser plug-in bugs.

X-Force operations manager Kris Lamb said that the "acceleration and proliferation" of bugs were key themes for the first half of 2008.

The IBM division reckons the increasing use of automated tools allows hackers to become faster off the mark in exploiting vulnerabilities. It criticised the practice of releasing "exploit code along with a security advisory" as playing into the hands of hackers. According to the study, vulnerabilities disclosed by researchers are twice as likely to have zero-day exploit code published.

The counter-argument to this, of course, is that security researchers publish proof of exploit code to establish that their concerns are valid. Publishing details about flaws encourages vendors to be more proactive about developing patches, benefitting the internet community as a whole over the long run.

More than half of the vulnerabilities tracked by X-Force in 1H 2008 involved web server applications. SQL injection vulnerabilities jumped from 25 per cent in 2007 to 41 per cent of all web server application flaws in the first half of 2008. Such vulnerabilities are often used by hackers to plant malicious code of vulnerable websites, a key component in so-called drive-by download attacks which are displacing poisoned email attachments as the preferred method to serve up malware.

In other developments, spammers have abandoned the use of image-based spam, file attachment spam and other such frippery by going back to basics. Nine in ten spam messages now contain little more beyond a few simple words and a URL. The report adds that Russia continues to be the biggest single originator of spam (the starting point of 11 per cent of the world’s junk). Turkey (eight per cent) and the US (7.1 per cent) also crop up as a frequent source of junk mail traffic.®

Similar topics

Broader topics


Other stories you might like

  • NASA installs a new and improved algorithm to better track near-Earth asteroids

    Nearly 20 year-old software used to protect humanity gets an upgrade

    NASA has upgraded its near-Earth asteroid monitoring algorithm to model hazardous space rocks more accurately after nearly two decades, it announced on Tuesday.

    The new system, dubbed Sentry-II, is more powerful than its predecessor, Sentry. Astronomers working at the space agency's Center for Near Earth Object Studies can now automatically calculate thermal influences that nudge an asteroid’s orbit, potentially sending it hurtling towards our home planet.

    The so-called Yarkovsky effect describes the subtle and gradual change of motion when asteroids are heated by the Sun’s light. When asteroids spin, one side of its surface exposed to the star gets heated. As it continues to rotate, the hot region enters shade and cools down. Infrared energy is radiated outwards; the photons carry momentum and impart a tiny thrust on the asteroid. Over long periods of time, these small kicks can change their paths and knock them out of their original orbit.

    Continue reading
  • Facebook slapped with an eyepopping $150B lawsuit for spreading hate speech against Rohingya refugees

    Lawsuit claims social media giant's algos helped Myanmar military crackdown on the Rohingya

    Meta was sued on Tuesday for a whopping $150 billion in a class-action lawsuit for allegedly amplifying hate speech and aiding the Myanmar military in the genocide of the Rohingya people.

    The case, led by an anonymous Rohingya refugee living in the US, accuses the entity formerly known as Facebook of inciting hatred and inflicting real harm on the predominantly Muslim group for years. Not only did the social media platform ignore hate speech posts, it's alleged that the service's algorithms actively promoted anti-Rohingya propaganda as hundreds of thousands of people fled from Myanmar to escape persecution.

    Facebook has already acknowledged its role in the campaign, which saw an estimated 25,000 people perish and 700,000 forced from the country. The lawsuit also comes after ex-employee and whistleblower Frances Haugen leaked internal documents demonstrating how its algorithms prioritized engagement over safety.

    Continue reading
  • Power management IC shortage holding cars, laptops, hostage

    Couple of cents-worth of kit causing big problems for the year to come

    The shortage of power management chips is worsening and holding back companies from building cars, PCs and items with batteries or an on-off switch, Trendforce said in a study this week.

    Power management ICs cost just a few cents, and are among cheap chips that include display driver and USB-C components that are in short supply. These chips are as important to PCs and other electronics as CPUs or memory.

    The demand for PMICs has gone through the roof with the emergence of electric cars and growing demand for PCs and consumer electronics during the past 20 plus months. Trendforce expects the prices will go up by 10 per cent to a six-year high of $0.23.

    Continue reading

Biting the hand that feeds IT © 1998–2021