Hackers Target Home PCs As Browser Bugs Soar

Hackers Target Home PCs As Browser Bugs SoarHackers racked up attacks on home PC users and financial services companies in the first half of this year, according to the latest Symantec Internet Security Threat Report Trends.

The report tracked Internet threat trends from January to June this year and discovered a new high in the volume of emerging vulnerabilities.

Employing a network of 40,000 sensors spread across 180 countries, Symantec identified 2,249 new vulnerabilities, with the majority of the new threats (69 per cent) being in Web applications.

Vulnerability researchers (now, there’s a job title!) found 47 flaws in the Mozilla Firefox and Mozilla browsers, a hefty increase of 17 flaws from the previous six months.

As expected, Microsoft led the pack with new threats, recording a total of 38 new threats affecting Microsoft’s Internet Explorer, up from 25 in the earlier period, with even Apple’s Safari browser notching up six more flaws to hit a total of 12 flaws.

Opera was the sole browser to see a drop in recorded vulnerabilities over the six months, dropping from nine to seven during the period.

No safe browser
“There is no safe browser,” senior director with Symantec Security Response, Vincent Weafer, finger-wagged. “If you’ve got a browser, make sure you’re configuring it correctly,” he added.

Although more bugs were found lurking in Mozilla than in IE, Symantec commended the open-source project for its prompt bug-fixing, with bugs usually being patched within one day of their public disclosure – the snappiest response of all measured browsers.

Opera came in second with an average two days to fix bugs, with Apple’s Safari recording a rather tardy five-days.

Hackers Target Home PCs As Browser Bugs SoarThe notoriously leisurely Microsoft averaged nine days per patch, but that snail-like response was still faster than Sun Microsystems.

The report found that home users were targeted most (86 per cent), with the US being the numero uno source of online attacks (37 percent), thanks to its large number of compromised machines with broadband connections,

“What really surprises is the way that attackers are moving,” says Dean Turner, editor of the bi-annual threat report.

“They’re now starting to target home users quite heavily primarily because home users are the weakest link in the security chain,” says Turner.

Phishing, spamming and badboy bots
Phishing continues to grow in popularity, with Symantec identifying a total of 157,477 distinct phishing messages over the six month period, while spam accounted for 54 per cent of all monitored email traffic, up 50 per cent.

Symantec also detected more than 4.6 million active bot network computers, registering an average of 57,717 active bot network computers per day.

Bot networks are commonly used in denial-of-service (DoS) attacks and their stats revealed an average of 6,110 DoS attacks per day.

The report concluded that polymorphic viruses are likely to grow, with Web 2.0 technologies and Instant Messaging affording new opportunities for pesky hackers to wreak havoc.

The real battleground, however, should come with the release of Microsoft’s Windows Vista operating system, which will see hackers doing their damndest to circumvent its new security features.