Mozilla Firefox is the most popular web browser with cyber criminals

According to the results of the three months study, conducted by Purewire principal researcher, Paul Royal, Mozilla's Firefox appeared to become the most preferred by exploit operators browser, leaving Opera behind to go second. So, criminals running websites that push drive-by exploits overwhelmingly prefer the Firefox browser. 

Thus, Mozilla's Firefox was used by 46% of the exploit kit operators who were tracked in the study. About 30% of the Firefox users browsed using a 3.0 version, while 13% had upgraded to the most recent 3.5 version. 

At the same time Opera that according to some estimations has only 2% of the market share, ranked second among the kit operators, with 26%. 

Making the research, Royal gathered the statistics by casing 15 websites that push LuckySploit and UniquePack, two widely used do-it-yourself kits for infecting visitors with potent exploit cocktails that target dozens of vulnerabilities in programs such as Adobe's ubiquitous Flash and Reader applications, IE, and Apple's QuickTime. Royal was able to monitor the browser, IP address, and in some cases operating system of many of the operators of these sites by sneaking a line of JavaScript into the referrer fields of browsers he had visit the site. 

Royal also found that among the 15 sites tracked, only two were hosted in the same country where their operator resided. In both cases, the country was Latvia, where law enforcement is widely viewed as being lax. However, in other eastern European countries the operators attempted to put space between them and their websites, despite it's hard to enforce cyber security laws. 

The US and Russia appeared to be the two most common countries for operators, with three browsers in each. The US was also the top location of the illegal websites. Latvia, the Netherlands, and China tied for second place with two browsers each.