Firefox, Opera popular with malware authors

August 24, 2009 | 14:40

Tags: #browser #drive-by #drive-by-download #firefox #internet-explorer #malware #vulnerability #vxers

Companies: #mozilla #opera #purewire

New research has shed light on the browser habits of the no-goodniks behind drive-by malware websites, with some interesting results.

As reported elsewhere, the research, carried out by Purewire's Paul Royal, looks at the ne'er-do-wells who perpetrate mass infection attempts by creating infected webpages which attempt to convince visitors - almost always using Microsoft's Internet Explorer browser - to download and install third-party software without notification or warning. It shows that these attackers prefer browsers with a smaller userbase for their own surfing sessions.

After analysing the toolkits - including the most popular amongst the digital underground, LuckySploit and UniquePack - used to create such sites, Royal discovered that, on average, around 46 percent of the site creators used the popular open-source Firefox web browser instead of Internet Explorer, the browser their sites aimed at infecting. While such a high figure for Firefox amongst the technically proficient is perhaps not surprising - with the browser's market share continuing to grow worldwide - what may come as a shock is that 26 percent of attackers used the Opera browser, despite Opera having a mere 2 percent share of the global browser market.

While a wealth of add-ons for those engaging in web development - both for good and for ill - exists for Firefox, making it an obvious choice for anyone working in that area, Opera is harder to pin down. Perhaps the most likely reason for its use is its minuscule market share: those creating malware download sites are typically developing for the largest possible target pool, which means Microsoft's Internet Explorer is the most commonly targeted browser. The use of a less popular browser - especially one with just 2 percent of the market - is almost certainly a defense against the attackers themselves being attacked.

With a single example of drive-by download code having infected 40,000 sites at a conservative estimate, it's clear that even those in the know are having to take precautions while browsing the web of today.

Have you ever suffered at the hands of a drive-by download site? Can you understand the popularity of Opera amongst such denizens of the net's seedy underbelly, or is it purely a case of making themselves as small a target as possible? Share your thoughts over in the forums.