Criminals Prefer Firefox, Opera Web Browsers

An anonymous reader writes "Security researchers at Purewire have leveraged vulnerabilities in malware infrastructure to track the criminals behind it. In a three-month long project, they used security flaws in exploit kits to get operators to expose themselves (Obnoxious interstitial ad between link and content) when they access the kits' admin control panels. Data collected shows that 50% of those tracked use Firefox, while 25% use Opera."

So the story is..

[Anonymous Coward]

crim.. *cough* technically inclined people tend to use firefox and opera rather than IE.
Shocking!

Does that make me a criminal?

[MartinSchou]

I prefer Opera myself - does that now incriminate me? Or does it merely show that these criminals are security conscientious and knows that using IE on the type of websites they probably frequent would be like throwing stones at bees nests?

They did neglect to mention the most frequently used operating system. If it's equally divided between Linux, OS X and Windows it'd be hard for Internet Explorer to get beyond 33% to begin with.

Not surprising...

[nebaz]

This just means that malware writers understand that Internet Explorer has more vulnerabilities to exploit, so they don't use it themselves.

Gotta love statistics

[Idimmu Xul]

What does this article even mean?

Tech savvy IT security enthusiasts prefer alternative browsers to Internet Explorer?
Criminals prefer Firefox?
Firefox users have criminal tendancies?
Firefox encourages exploitation of inferior browsers?

Or, Internet Explorer sucks.

What.

Re:What do you mean?

[MichaelSmith]

Is it the mouse-clicking or the keyboard-typing that requires more technical capability while using Firefox or Opera rather than IE?

Knowing about them.

Dubious logic?

[Johnny Loves Linux]

Interestingly, Opera, which by some measures has only a 2 per cent market share, ranked second among the kit operators, with 26 per cent. "I think that's probably because operators have a familiarity with the web threat landscape," Royal told The Register, suggesting that many black-hat hackers take a security-through-obscurity approach to making sure they themselves don't get hit. "It makes them wary of using mainstream browsers."

Huh, and here I was thinking that maybe, just maybe, these hackers knew the security history of the various browsers and knew that Opera had a better security history than Internet Explorer?

Obnoxious intersitial ad?

[Anonymous Coward]

Wow! No wonder it is so difficult to make money publishing on the Internet. Even an ad that goes away after a timeout, or can be skipped with a single click, creates angst amongst those who hold that information wants to be free. /. editors don't accept stories that include links to content behind paywalls, even if the information is really relevant to the /. community. Post a link to an article requiring registration and someone will copy the article and paste it as a comment (which seems like a pretty clear copyright violation). And now warnings are being given because someone out there is actually paying for the content that /. readers want to look at. Go ahead and mod this down troll/flamebait/overrated...but dang this obsession with not having to pay for any content, either in terms of dollars, registration, some time, or an extra mouse click, seems to be, well, obsessive!

Maybe so

[mysidia]

I'm reminded of an old observation: whenever ice cream sales rise, so do shark attacks. So does eating ice cream cause sharks to attack you? No.

The observation that more Criminals prefer Firefox over IE, doesn't associate Firefox use with criminal behavior.

It most likely just means that there is a common occurence that causes technically savvy computer users to prefer Firefox.

People who build malware infrastructure are technically savvy, otherwise, they would not be able to understand and defeat technical security measures.

Non-technically savvy users often use IE because they don't understand the alternatives.

Also, they don't understand the weaknesses in IE's security defenses, the technical advantages of using Firefox (or Chrome) over IE, or the basic security principle that installing and using less-popular software (alternatives to the most popular option) means there are fewer people interested in devising a way to attack your software.

Eg Opera is not a very ripe target that hackers are highly interested in attacking, because it has so few users, it's a low value target.

What will come of this "news"?

[EkriirkE]

Are we now to be harassed if badged-mongoloids see us on the internet and its not a blue "e" icon?
Akin to this previous /. story [slashdot.org] where one of them saw a student using a CLI

Re:Gotta love statistics

[Xenographic]

> What does this article even mean?

People who write exploits know how to prevent themselves from getting exploited? (i.e. Don't use IE.)

Of course, it's not as simple as merely choosing a good browser, but that's a starting place.

Re:So the story is..

[gmuslera]

A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers". Not sure how much technically inclined they are (not sure if there are a black market of plug-and-exploit-for-dummies kits), but they are aware of how much damage can be done to whoever (including them) using those vulnerable browsers.

Re:Gotta love statistics

[swillden]

What does this article even mean?

Easy: This article means that this set of computer criminals primarily uses Firefox and Opera.

The problem with statistics isn't with statistics, it's with people drawing conclusions unsupported by the statistics.

Re:Does that make me a criminal?

[Jurily]

The classic difference between correlation and causation.

Also, people who think about security much use secure browsers! Think of the children!

Re:What do you mean?

[Itninja]

FF or O don't require more technical skill, but people with more technical knowledge with usually opt to use them. For example, only a technically savvy person knows the dangers of allowing scripts to run without direct user permission. With FF one can get NoScript running in less than a minute. With IE, you might be able to cobble together some goofy proxy, but for the most part you are on your own.

No one knows better than a scumbag malware distributor how to protect themselves online.

Re:So the story is..

[linear a]

Close. Hackers know better than to use IE for all the obvious reasons nobody else should use it.

Re:frist psot

[telchine]

Data collected shows that 50% of those tracked use Firefox, while 25% use Opera

Let me guess, they tracked 4 operators?

Re:So the story is..

[cheftw]

I'd suggest a /.-wide banning of a reply consisting wholly of an xkcd, along with a delicious ban for whoever posted it, but I know Randall makes his living off the site, so spam away.

This posted using firefox (to remain ontopic, otherwise I'd have used uzbl).

Re:Bad Numbers in Summary

[Barny]

What? All in the same group? Thats a bit harsh on the suicidal maniacs out there don't yathink?

I think a better summery stat would have been that "of the top 3 browsers, over 70% of malware writers steer clear of IE".

Also, anyone wonder if the remaining 28% or so of IE users are using it just to test their exploits?

Think about it a moment.

[Ungrounded Lightning]

A better reading could be "people that exploit vulnerabilities of browsers prefer to not use those vulnerable browsers".

In particular:

"People who create websites containing malware that takes over the browsing computer NEED to use a browser that is immune to their own takeover tools for their command-and-control console."

Jeez. Think about it a moment. How the heck are they going to work on the thing if it eats their machine when they touch it?

The share of Firefox should be much greater

[Anonymous Coward]

From the original article:
Royal was able to monitor the browser, IP address, and in some cases operating system of many of the operators of these sites by sneaking a line of JavaScript into the referrer fields of browsers he had visit the site. When the webmasters viewed the logs, their browsers secretly visited a website under his control.
Many, if not most of these crim... technically savy people probably deactivate JavaScript, and the most convenient way to do it is NoScript on Firefox. Which means that these statistics only take into account browsers with JavaScript enabled, which, in turn, means that the share of Firefox is probably much greater than 46%. Those who used Firefox with NoScript simply weren't taken into account.

Re:frist psot

[Runaway1956]

Let's make asses of ourselves, and assume that the percentages would hold in larger samples. What would that tell us? Hmmmmmm. Maybe hackers know that FF and Opera are safer browsers than IE? Well, one has to ask, "Who would know better than a hacker?"

Alright, we've been asses long enough. Shitcan the silly assumption....

Sample Size Fail?

[Anonymous Coward]

"Of the 15 sites tracked, only two were hosted in the same country where their operator resided"

15 sites? That means that these amazing numbers are from a 15 point data sample? Are you kidding?

Also FF and O are also the most easily extensible. Meaning you can write your own scripts/software/addons/etc to help you screw up pages you visit.

So malware authors use these two browsers more than internet exploder? Fascinating.

Re:Dubious logic?

[Runaway1956]

An alternative conclusion could be, since Opera rules the market share in countries that use the cyrillic alphabet, most criminals are from Eastern Europe and Russia.

Still dubious logic, but hey, it's as good as the author's dubious logic!

Re:Obnoxious intersitial ad?

[falckon]

That may be so, but do you really think the value of that extra click is worth anything from a /. reader with this mindset. Next thing you know you'll be suggesting they should follow some of the ad links on the site, or buy some of the site's affiliate's products. This may even be enforced by having your affiliates track when each user visits their site or fills out some survey. Nevertheless, no matter what you do, people who believe that the web should be free will continue to believe so.

There's also a greater cause being supported. Paywalls are not conducive to an enjoyable internet. It's similar to the radio where I used to be able to enjoy music throughout the day. Over time radio air-time has been increasingly filled with ads to the point that it's no longer enjoyable to listen to. If websites require more forced advertising it will get to the point that you are forced to see more advertisement content than what you actually wanted to read in a day.

Re:Not representative

[rbb]

I think drawing any conclusions based 51 exploit-kit using hackers, from which only 15 IP addresses and browsers could be determined using a forged referer field [computerworld.com], is a prime example of bogus methodology ;)