back to article Cybercrooks get faster, further and sneakier

Cybercrooks are becoming faster at utilising newly-discovered browser exploits. More than nine in ten of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, according to a survey by IBM's X-Force security division. The cyber-threat survey, which looked closely at information security …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    for those of us

    who are tech savvy, is now the time to become a crim??

  2. Robajob


    Only an American company could have come up with that.

  3. Catweazle
    Paris Hilton

    no firefox plugin exploits?

    The report points to browser plugins as the main source for vulnerabilities,

    To my surprise they report NO vulerabilities for firefox XPI plugins (against 73 high priority ActiveX plugin vulnerabilities for IE).

    Anyone got an idea what the reason might be?

  4. Edward
    Black Helicopters

    @for those of us

    These 'crims' are highly structured organisations, each member has a specialised role, and does not go outside his/her remit. For instance the people you'd contact to rent/buy zombies, are just "salesmen", they had nothing to do with spreading of the malware. In the same respect the programmers/exploit writers will have nothing to do with the sales process, and in most cases will have no involvement after infection, as consolidation would be another, distinct job.

    Make no mistake, these are highly organised, well funded and well connected people we're talking about.

    These organisations bear more resemblance to small multinational corporations than to the social networks of misunderstood teenagers from the old school of hacking. The vast majority of the malware/fraud groups are based out of Russia and China, but with people the world over working for them, they are truely international.

    So, the simple answer is no. Unless you have prior dealings with these people (and have something to offer), you will have no luck going into direct competition. They are now, in every sense of the word, professionals, and they WILL do their job better then you.

  5. Dave

    Text-based spam

    The new stuff is actually harder to block with a simple filter - I already reject most stuff containing HTML, which takes out the image spam and usually the attachments because they're usually accompanied by a bit of HTML to encourage automatic display. A few words and a URL are much harder to trap, apart from the fact that many of the URLs are usually for domains less than a month old and are so amenable to a whois check on the age (except that whois servers get upset if you hit them too often - perhaps a wake-up call to registrars to police spam domains a bit more actively).

  6. Anonymous Coward
    Anonymous Coward


    >Anyone got an idea what the reason might be?

    Simple, Firefox has such a small user base that it's not worth bothering with.

  7. Anonymous Coward
    Dead Vulture


    How I would love to find whoever originated all these cheesy "CYBER-" words and shake them till their teeth fall out. It may have been cool in the 1970s, but so were kipper ties and PDP-11s. Bah, humbug.

  8. Catweazle

    no firefox plugin vulnerabilities

    Well there are 8 firefox browser vulnerabilities agains 6 for IE in the report, so that can't be the reason.

    > Simple, Firefox has such a small user base that it's not worth bothering with.

    >>Anyone got an idea what the reason might be?

This topic is closed for new posts.

Other stories you might like